GPS simulating

peekli
Posts: 7
Joined: Mon Jun 13, 2016 6:30 am

GPS simulating

Post by peekli »

Hi:

I have bought a brand new bladeRF x40.
I want to try GPS spoofing, but failed on Windows 8.1 and Ubuntu 16.04.

The main test code is from:
github.com/osqzss/gps-sdr-sim
and the version is the latest (at the current time).

Before the test, I fixed a GPS antenna onto the TX port of the bladeRF.

On Windows (Win 8.1, 64-bit):
1. Build gps-sdr-sim with Visual Studio Community 2013.
2. gps_sdr_sim -e brdc1640.16n -l 30.286502,120.032669,100 -b 16 -d 60
where brdc1640.16n is downloaded from ftp://cddis.gsfc.nasa.gov/gnss/data/daily
3. Modify bladerf.script as follows:
set frequency 1575.42M ---> set frequency tx 1575.42M
4. bladeRF-cli -s bladerf.script
The result is as follows:

Code:


  Set TX frequency: 1575420000Hz


  Setting RX sample rate - req:   2600000 0/1Hz, actual:   2600000 0/1Hz
  Setting TX sample rate - req:   2600000 0/1Hz, actual:   2600000 0/1Hz


  Set RX bandwidth - req:  2500000 Hz actual:  2500000 Hz
  Set TX bandwidth - req:  2500000 Hz actual:  2500000 Hz


  TXVGA1 Gain: -25 dB


  LPF tuning module: 25

  TX LPF I filter: 35
  TX LPF Q filter: 35

  RX LPF I filter: 30
  RX LPF Q filter: 33

  RX VGA2 DC reference module: 27
  RX VGA2 stage 1, I channel: 37
  RX VGA2 stage 1, Q channel: 45
  RX VGA2 stage 2, I channel: 27
  RX VGA2 stage 2, Q channel: 35


TX DC I: Value =    64, Error =  0.406
TX DC Q: Value =   272, Error =  0.415

If I detect the signal with an Android phone (Samsung A9000), using software named "GPS Test Plus", it renders:
Screenshot_20160614-105105.png
The software "GPS Test Plus" can be verified with a real GPS signal from the sky, as follows:
Screenshot_20160613-100732.png
The gray bar means the signal is received, but that signal is not useful for fixing the GPS position.
The yellow and green bars are correct signals and are useful for fixing the GPS position.

I also did the above under Ubuntu 16.04 64-bit, summarized as follows:
Use apt install gnuradio.
Use apt install bladerf and bladerf-dev.
Compile the source code above (github.com/osqzss/gps-sdr-sim).
The result is the same as under Windows:

TX DC I: Value = 64, Error = 0.406
TX DC Q: Value = 272, Error = 0.415

The Error value above may be different every time I try.

I tested above with firmware 1.9.0 as well as 1.8.0. USB2.0 and USB3.0 both tested.

Code:

bladeRF> version

  bladeRF-cli version:        1.3.1
  libbladeRF version:         1.5.1

  Firmware version:           1.8.0
  FPGA version:               0.5.0

bladeRF> print

  RX Bandwidth:   2500000 Hz
  TX Bandwidth:   2500000 Hz

  RX Frequency: 2484000000 Hz
  TX Frequency: 1575420000 Hz

  GPIO: 0x000000af
    LMS Enable:         Enabled
    LMS RX Enable:      Enabled
    LMS TX Enable:      Enabled
    TX Band:            High Band (1.5GHz - 3.8GHz)
    RX Band:            High Band (1.5GHz - 3.8GHz)
    RX Source:          LMS6002D

  Loopback mode: none

  RX mux: BASEBAND_LMS - Baseband samples from LMS6002D

  RXLNA Gain:    6 dB
  RXVGA1 Gain:  30 dB
  RXVGA2 Gain:   3 dB
  TXVGA1 Gain: -25 dB
  TXVGA2 Gain:   0 dB

  Sampling: Internal

  RX sample rate: 2600000 0/1
  TX sample rate: 2600000 0/1

  Current VCTCXO trim: 0x8e08
  Stored VCTCXO trim:  0x8e08

  VCTCXO tamer mode: Disabled

  Expansion GPIO register: 0xffffffff
  Expansion GPIO direction register: 0x00000000

bladeRF> info

  Serial #:                 9-------------------------------------------
  VCTCXO DAC calibration:   0x8e08
  FPGA size:                40 KLE
  FPGA loaded:              yes
  USB bus:                  0
  USB address:              1
  USB speed:                Hi-Speed
  Backend:                  Cypress driver
  Instance:                 0

Is there any hint for me to continue trying?
peekli
Posts: 7
Joined: Mon Jun 13, 2016 6:30 am

Re: GPS simulating

Post by peekli »

The error value is the bladeRF calibration result.
The bladerf.script itself calibrates it, as follows:

Code:

set frequency tx 1575.42M
set samplerate 2.6M
set bandwidth 2.5M
set txvga1 -25
cal lms
cal dc tx
tx config file=gpssim.bin format=bin
tx start
tx wait

The result is:

Code:

TX DC I: Value =    80, Error =  0.416
TX DC Q: Value =   256, Error =  0.417

Can anyone tell me whether the above calibration result is correct or not?
jynik
Posts: 455
Joined: Thu Jun 06, 2013 8:15 pm

Re: GPS simulating

Post by jynik »

Those calibration results are very good. The "error" quantifies how many DAC/ADC counts offset from 0 the result is. The possible range is [-2048, 2047]. Thus, less than 1 is good and no further correction is possible within the device itself.

Just curious, is your mobile under test in "Airplane Mode?" If not, do you see better results with it in this mode?
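As an added example (not code from the thread or from the bladeRF project), the following parses `cal dc tx` output lines in the format posted above and applies the criterion from the reply: residual error below 1 count out of a [-2048, 2047] range. The `dbfs` figure, which normalises the residual to 2048 counts, and all function names are assumptions made for this illustration.

```python
import math
import re

FULL_SCALE = 2048  # counts; the range quoted in the reply is [-2048, 2047]
GOOD_LIMIT = 1.0   # counts; "less than 1 is good" per the reply

# Matches lines such as "TX DC I: Value =    80, Error =  0.416"
CAL_LINE = re.compile(
    r"^\s*(TX|RX) DC ([IQ]):\s*Value\s*=\s*(-?\d+),"
    r"\s*Error\s*=\s*(-?\d+(?:\.\d+)?)\s*$"
)

def parse_dc_cal(text):
    """Return one record per DC calibration line found in the CLI output."""
    records = []
    for line in text.splitlines():
        m = CAL_LINE.match(line)
        if m is None:
            continue  # unrelated output (gain, filter, sample-rate lines)
        err = float(m.group(4))
        mag = abs(err)
        records.append({
            "path": m.group(1),        # TX or RX
            "channel": m.group(2),     # I or Q
            "value": int(m.group(3)),  # correction value chosen by calibration
            "error": err,              # residual offset in DAC/ADC counts
            # Residual relative to full scale (assumed normalisation: 2048 counts).
            "dbfs": 20 * math.log10(mag / FULL_SCALE) if mag > 0 else float("-inf"),
            "good": mag < GOOD_LIMIT,
        })
    return records

# The two 0.41x lines are copied from the thread; the 37.250 line is a
# constructed example of a poor result, and the gain line is unrelated output.
SAMPLE = """\
  TXVGA1 Gain: -25 dB
TX DC I: Value =    80, Error =  0.416
TX DC Q: Value =   256, Error =  0.417
TX DC I: Value =   512, Error = 37.250
"""

if __name__ == "__main__":
    for rec in parse_dc_cal(SAMPLE):
        verdict = "good" if rec["good"] else "needs recalibration"
        print(f'{rec["path"]} {rec["channel"]}: {rec["error"]:.3f} counts, '
              f'{rec["dbfs"]:.1f} dB re full scale, {verdict}')
```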
peekli
Posts: 7
Joined: Mon Jun 13, 2016 6:30 am

Re: GPS simulating

Post by peekli »

Thank you, jynik.

I tried again, and succeeded in fixing the GPS position one time. Later tries failed...
What I did is as follows:
1. Attach a VAT -30+ attenuator to the bladeRF TX port, and then fix the GPS antenna onto this attenuator, like this:
Screenshot_20160615-124648.jpg
I put the test mobile phone very near the antenna (not the attenuator) during the test and turned off the mobile phone's wifi...

2. Do the steps under the Ubuntu 16.04 64-bit environment as described in my first post.
3. The successful result is as follows:
Screenshot_20160614-233028.png
Screenshot_20160614-233045.png
I will try more to find out what environment will make it more stable...

Any suggestions welcome!
peekli
Posts: 7
Joined: Mon Jun 13, 2016 6:30 am

Re: GPS simulating

Post by peekli »

Now I come back with a more stable result.

First, the result:

Successful signal bar:
Screenshot_20160615-151812.png
Successful position:
Screenshot_20160615-145202.png

Google Maps shows:
Screenshot_20160615-151307.jpg
It is in the middle of Lake Geneva. (Have been to Geneva in the year 2012, love the city and lake very much.)

I have tested 3 times with 2 phones, and all tests succeeded.

The difference is that I tested in a different place.
1. The unstable test mentioned previously was at home. Maybe the environment is not good for signal tests.
I must turn off the phone's wifi for the luck to succeed (randomly).
2. The stable test was at the company.
No need to turn off wifi.
Even USB 2.0 + Windows is stable enough.

Please note that, in all tests, a 30 dB attenuator is installed on the bladeRF's TX port.
pmmeasures
Posts: 9
Joined: Thu May 21, 2015 1:53 pm

Re: GPS simulating

Post by pmmeasures »

If you have not done so, in the app go to options (the three ... going downward at the top of the screen), click location services, tap Mode and make sure it is not set to "Hi accuracy" and is set to Device only.

Else the app will use mobile and Wi-Fi to increase accuracy and thus will interfere with the result; this could be why it still said you were home, and the reason for the comment about turning off Wi-Fi.

rgds
/paul.
peekli
Posts: 7
Joined: Mon Jun 13, 2016 6:30 am

Re: GPS simulating

Post by peekli »

Thanks pmmeasures. It is exactly right that wifi and the mobile network will affect it.
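The observation above, that Wi-Fi and mobile network positioning pull the reported location away from a simulated GNSS fix, is the basis of a simple consistency check on the receiving side. This added example (not code from the thread, and not how Android fuses location sources) flags a GNSS fix that disagrees with an independent network-derived position or that implies an impossible speed; the field names, thresholds and sample coordinates are assumptions constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius

def haversine_m(a, b):
    """Great-circle distance in metres between two {'lat','lon'} points."""
    lat1, lon1, lat2, lon2 = map(
        math.radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def implied_speed_mps(prev, cur):
    """Speed needed to travel between two timestamped fixes ('t' in seconds)."""
    dt = cur["t"] - prev["t"]
    if dt <= 0:
        return float("inf")  # non-monotonic timestamps are themselves suspect
    return haversine_m(prev, cur) / dt

def assess(prev_gnss, gnss, network, margin=2.0, max_speed_mps=100.0):
    """Return the list of reasons this GNSS fix looks inconsistent (empty if none)."""
    reasons = []
    # The two sources should agree to within their combined accuracy radii.
    allowed_m = margin * (gnss["acc_m"] + network["acc_m"])
    if haversine_m(gnss, network) > allowed_m:
        reasons.append("network_mismatch")
    # A handheld receiver cannot relocate faster than the assumed speed limit.
    if prev_gnss is not None and implied_speed_mps(prev_gnss, gnss) > max_speed_mps:
        reasons.append("implausible_speed")
    return reasons

# Constructed sample data: a network-derived position, a GNSS fix that agrees
# with it, and a fix five seconds later that lands on a lake in another continent.
NETWORK = {"lat": 30.2865, "lon": 120.0327, "acc_m": 40.0}
GNSS_OK = {"t": 0.0, "lat": 30.2870, "lon": 120.0330, "acc_m": 10.0}
GNSS_JUMP = {"t": 5.0, "lat": 46.45, "lon": 6.55, "acc_m": 8.0}

if __name__ == "__main__":
    print(assess(None, GNSS_OK, NETWORK))
    print(assess(GNSS_OK, GNSS_JUMP, NETWORK))
```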
zimler
Posts: 1
Joined: Wed Jul 13, 2016 2:09 pm

Re: GPS simulating

Post by zimler »

What kind of antenna were you using? I'm looking for one to try this software out.
jhenry
Posts: 2
Joined: Tue Feb 12, 2019 8:43 am

Re: GPS simulating

Post by jhenry »

Hello,

I know this post is a couple of years old, but I am trying to replicate the GPS spoofing using bladeRF and have followed the instructions here https://github.com/osqzss/gps-sdr-sim, to the letter. I have also used a 30 dB attenuator and am using Android 7.1.1.

I am using a new brdc file to generate the bin file and a new nmea csv file.

I keep jamming the signal but am not able to get a fix at the different location. What am I missing here?

Thanks,
OskarM
Posts: 19
Joined: Sun Dec 09, 2018 3:02 pm

Re: GPS simulating

Post by OskarM »

Hi. I have recently been playing with a bladeRF and a ublox M8T module, but using a cable, not through an antenna. The general feeling is that you should really minimize gain on the bladeRF and not use external attenuators. The DC offset and IQ imbalance on the TX side are huge vs typical GNSS signals - the only way to minimize them is to calibrate (using i.e. RTLSDR) or reduce gain on the TX side. The outcome was that the ublox reported huge jamming and couldn't lock.

Besides - be aware that the GPS antenna will give you another -3 dB if you use a monopole antenna on the bladeRF (RHCP vs vertical/horizontal polarization).
b.r.
jhenry
Posts: 2
Joined: Tue Feb 12, 2019 8:43 am

Re: GPS simulating

Post by jhenry »

Thank you Oskar. Still trying to figure out the problem with my transmitted signal.
dkelly
Posts: 4
Joined: Sat Sep 19, 2020 5:39 am

Re: GPS simulating

Post by dkelly »

Are you using an external precise 10 MHz clock, like a GPSDO? Mine works fine.