The lost emergency signal

Learning goals

• Apply a spectrum analyzer to find a wireless signal

• Understand carrier frequency and bandwidth, short range device governance

• Apply GNU Radio to decode an amplitude modulated signal

• Explain the function blocks in a digital wireless communication network, radio wave propagation

Introductory problem

Your professor has been working on an emergency health monitoring system. The device is designed to transmit real-time patient data, such as temperature and oxygen saturation, within an area of about 50 meters. During a late night experiment, due to exhaustion, they forgot where the device prototype was placed. The prototype transmits periodic signals, and it is extremely valuable because it is the only working prototype. To make matters worse, the device is battery-operated, and the battery may soon run out.

Can you help solving the problem?

Preparation

Preparation could take around 1.5 hours.

Software setup

We will solve the problem using two tools: Gqrx and GNU Radio. Install:

1. GNU Radio according to the instructions on their wiki.

   • Windows & MacOS: You will install radioconda which includes many apps including GNU Radio.

   • Linux: The tool should be available in your repository, e.g., gnuradio-companion on ArchLinux.

2. Gqrx

   • Windows & MacOS: radioconda will automatically install Gqrx. You can test by typing Gqrx in your start bar.

   • Linux: Search for gqrx

Testing Gqrx with a recorded signal

1. Download the compressed IQ file: gnuradio/lost-emergency-signal.raw.zip

2. Unzip the file. You should get lost-emergency-signal.raw.

3. We will now copy the path of the file for Gqrx, because Gqrx does not have the feature to select a file in a file manager. If you don’t know the paths of the file, the following may help:

   A. In Windows, you can use a shortcut to copy the path of a file. Select the *.raw file and press CtrlShiftc to copy the path. B. In Windows, you can right click on the file and on the opened menu, select Copy as path.

   We will paste this path in the next steps.

4. Run Gqrx.

5. Open Configure I/O devices. If you are running Gqrx for the first time, you should see this window directly.

6. In Device drop-down menu, select Complex Sampled (IQ) File.

7. In the Device string use file= variable to configure the path to the IQ file. Paste the path that we gathered before to replace the path as follows:

   file="C:\Users\u\downloaded folder\lost-emergency-signal.raw"

   We are not finished. Gqrx does not know about Windows folder separator symbol \ (backslash) and interprets them as an escape symbol as in the Linux world. We have to replace \ with /:

   file="C:/Users/u/downloaded folder/lost-emergency-signal.raw"

   We are still not finished. Now we have to convert the double quotation marks to single quotation marks:

   file='C:/Users/u/downloaded folder/lost-emergency-signal.raw'

   We need the quotation marks, because we have a space character ( ), in our path. If the right quotation marks are missing, you get the following error:

   Parameter 'rate' is missing in arguments.
   Please select another device.
   

8. Finally, we have to set the sample rate. The IQ file was sampled at 2 MHz, so we have to set this accordingly so that our recording is played at the right pace:

   file='C:/Users/u/downloaded folder/lost-emergency-signal.raw,rate=2e6'

   e stands for exponent in the E notation. \(2e6 = 2\cdot 10^6\).

   Configuration variables in the Device string other than rate are not relevant.

9. Make sure that you left other settings as default. Especially Input rate should be empty, otherwise it may change the sample rate and the signals that you hear will be skewed.

10. Click OK. You should see the main window.

11. Click on the ▶️ button located in the top-left corner. You should see a spectrum moving like on the homepage of Gqrx If you activate a demodulation technique like WFM, you should hear something – most likely noise.

Warning

When you use a sample file as the Device, the Frequency setting on the main window does not have any effect.

Signal processing basics and GNU Radio

Signal processing basics and and intro to GNU Radio will be helpful for solving the problem. Feel free to skip parts that are familiar to you.

Before we try to solve , let us introduce ourselves into the tool and signal processing basics.

1. Read through the page What is GNU Radio. Be prepared to explain:

   • What is GNU Radio and how can it help us to solve our problem?

   • What is software-defined radio (SDR)?

   • What is the main data do you get from an SDR?

2. Create your first flowgraph.

Exercise 2

Why do we see two sine shaped signals in the time domain?

Hint: Double-click on the each block and change their type from complex to float. How does the signal in the time domain look like now?

Installing drivers for ADALM-PLUTO

You can follow these instructions even you don’t have the hardware right now. We will test the hardware in a later step.

If you get any problems during installation, PlutoSDR Quick Start may be worth a look.

Windows

1. Install Libiio. Go to their releases page. Pick the newest release and browse to the Assets. If you don’t see the installation file for your operating system, e.g., *.exe for Windows, then click on Show all ... assets. Then you should see all installation files.

2. Install PlutoSDR m2k USB drivers using their releases page. Similar to the previous step.

MacOS

1. Install Libiio similar to Windows

2. According to the MacOS driver page on Analog Devices wiki you may have to change the USB Ethernet compatibility mode.

Linux

1. Libiio must be installed and it could already be available in your distribution. For example, on ArchLinux the package is called libiio.

2. Soapy driver for PlutoSDR, e.g., on ArchLinux soapyplutosdr.

---

In-class activities

After the installation of software, we will get the hardware ready and connect the hardware to the software.

Testing if your operating system sees ADALM-PLUTO

When you connect ADALM-PLUTO, a file manager may pop up, because ADALM-PLUTO exposes itself both as a USB storage and Ethernet adapter. If ADALM-PLUTO does not behave like a USB storage, then check if you connected the USB cable to the USB socket in the middle and not the USB power socket on the right corner.

Checking firmware update

The software stored on the device which does not get often updated is called firmware. We should typically update the firmware if there is a firmware update, because new drivers may depend on them.

The USB storage interface can be used to update the firmware:

1. Connect ADALM-PLUTO. A file manager should show up with some files including info.html. Open this file. A browser window should pop up.

2. This is a guide for ADALM-PLUTO. On the top, you should see many light blue greenish buttons including Firmware. Hover your mouse on Firmware, then click on Upgrade Firmware. The browser will scroll down to Firmware section.

3. Status of the PlutoSDR may show whether you need a firmware update or not.

   If:

   • it does not require firmware update, skip this section about firmware update.

   • it shows that you need one, then proceed with next step

   • it shows Can't check right now, try manually, then look at the Build information in Version Information table below. Remember the Build version number, e.g., v0.39 and compare it with the latest release by clicking on Check the latest version on info.html. If there is a newer version, continue with the next step, otherwise leave this section.

The following steps are based on the instructions here. If you prefer to see screenshots of the following process, refer to their wiki instead of the following instructions.

1. Download the zipped firmware from the releases page that you opened in the previous step. It must be a zip file.

2. Remember that ADALM-PLUTO behaves like a USB storage. Go back to its files and copy the zip file you downloaded to the folder. The file should be visible in the same folder as info.html.

3. Eject the USB storage.

4. ADAM-PLUTO’s LED1 will start blinking rapidly. This means that it is updating its firmware. It should take about 30 seconds. After the end of the firmware update, the LED1 blink slowly again like this pattern: *-*--------*-*--------.... The file manager should show up again and the zip file you copied should be gone.

5. Make sure that the device is updated by check the firmware version like we did in a previous step.

That was not easy. Congratulations 🎉

Extending the frequency range of ADALM-PLUTO

ADALM-PLUTO is based on the AD9363 transceiver, which covers frequency ranges from 325 MHz to 3.8 GHz. In the next sections we will try to receive FM signals, which are around 100 MHz. In this section we will extend this range.

According to the ADALM-PLUTO wiki page, early PlutoSDR devices were based on AD9364, which supports 70 MHz to 6 GHz. Moreover, apparently, AD9364 and AD9363 chips are nearly identical.

Maybe AD9363 chips are not reliable as AD9364 chips, so they are operated on a specific range.

We will first check, if the extended range is activated, and update the setting accordingly.

1. Open a terminal, also called Command Prompt or shell.

2. Check whether ADALM-PLUTO is accessible through its IP address:

   ping 192.168.2.1
   

   You should see something similar to

   Reply from 192.168.2.1: bytes=32 time<1ms TTL=64
   

   If not, check your USB connection.

3. Now we will connect remotely to the operating system on the ADALM-PLUTO:

   ssh  -o "StrictHostKeyChecking no" root@192.168.2.1
   

   If you get a password prompt as follows:

   root@192.168.2.1's password:
   

   ssh stands for secure shell. Then provide the default analog as password and Enter. You should get on your command prompt something similar to:

   Welcome to:
   ______ _       _        _________________
   | ___ \ |     | |      /  ___|  _  \ ___ \
   | |_/ / |_   _| |_ ___ \ `--.| | | | |_/ /
   |  __/| | | | | __/ _ \ `--. \ | | |    /
   | |   | | |_| | || (_) /\__/ / |/ /| |\ \
   \_|   |_|\__,_|\__\___/\____/|___/ \_| \_|
   ...
   #
   

   If

   • you got this prompt you can proceed with the next step ➡️.

   • else if you instead got something similar to:

   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
   

   , then you may have connected to a different ADALM-PLUTO before. ssh is trying to protect you, but we changed the hardware ourselves, so we want to remove the identification of the old hardware:

   ssh-keygen -R 192.168.2.1
   

   You should get the message that your known hosts are updated.

   Now try the ssh connection command again.

4. We have a remote shell to the OS on the ADALM-PLUTO now. Use the following command to check whether the range extension is enabled:

   fw_printenv attr_name attr_val
   

   If:

   • you get something similar to the following:

     # Error: "attr_name" not defined
     # Error: "attr_val" not defined
     

     then proceed with the next step ➡️.

   • else you probably got the following output:

     attr_name=compatible
     attr_val=ad9364
     

     This means that the extended range is activated and you can skip this section ⏭️.

5. Provide the following commands one after other, i.e., use Enter after each command:

   fw_setenv attr_name compatible
   fw_setenv attr_val ad9364
   reboot
   

   Due to the reboot, you will be automatically disconnected.

6. Now, the firmware should be working in the extended frequency range mode.

   Optional: Reconnect using ssh similar to the previous step and check whether you get the expected output after issuing fw_printenv attr_name attr_val.

Testing Gqrx with Hardware

1. Attach your SDR to your computer.

2. Run Gqrx.

3. Open Configure I/O devices. If you are running Gqrx for the first time, you should see this window directly.

4. In Device drop-down menu, select your hardware. ADALM-PLUTO should be available as:

   PlutoSDR #0 usb:...
   

   If you don’t see PlutoSDR, there could be a problem regarding device drivers.

   Choosing the hardware should change the Device string.

5. Leave other settings in their default and click OK at the bottom. You should see the main window with Receiver Options on the right.

6. Click on the ▶️ button located in the top-left corner. You should see a spectrum moving. If you activate a demodulation technique like WFM, you should hear something – most likely noise.

Tip

Resetting Gqrx settings If you have problems and would like to reset your Gqrx settings:

• Windows: type gqrx in your start bar, then click on gqrx [reset]. After resetting, Gqrx will start with Configure I/O devices again.

• Linux: rm -r ~/.config/gqrx.

Tuning to an FM radio station with Gqrx

We will try to tune to an FM radio station using the radio hardware. FM broadcast band typically uses 87.5 to 108 MHz band.

1. Try to tune to 100 MHz by changing the frequency on the black window. You can either

   • use your mouse wheel to change the individual digits or

   • enter the frequency using your keyboard.

   100 MHz is used for radio broadcasting and if a radio sends at this frequency you should hear something. You will see that 100 MHz will be the center frequency and you will see a range spanning some MHz around the center frequency.

   You should see some peaks in the shown frequency range. The highest peak will be on your center frequency, but you may hear noise and nothing meaningful.

2. If you don’t hear anything or just hear noise:

   On Receiver Options on the right column

   • change Mode to WFM (stereo).

   Mode determines how you interpret the signal you receive. For example AM focuses on how high the signal level is (amplitude) and WFM focuses on the frequency of the signal.

3. Move the 🔴 vertical line to a peak. If you are lucky you should hear scratchy and unclear voice or music.

   For example, I see a peak on 103.6 MHz, on which Radio Play transmits in Storkøbenhavn.

Exercise 3

Tune to a radio station.

1. Modify Filter width by moving the mouse pointer to the spectrum. Press and hold Ctrl + 🖱️ wheel. This changes the filter width which is represented by the transparent grey area around the red line.

2. Modify the offset of the grey area by using the previous mechanism but using Shift instead.

What happens with the signal quality?

Try to interpret the FM signal using AM. You probably hear an unclear version of the FM-demodulated signal. Why?

FM encodes information through small frequency changes on the carrier signal. AM encodes information by changing the amplitude only. I believe, the frequency changes on the FM signal result in some amplitude changes which are correlated to the source signal and can be heard.

The only source I could find on this topic is this project which is not conclusive.

Finding the lost emergency signal

Now try to solve the challenge by finding the signal. In the following you will find info and questions that can help you along the way.

Your professor says:

I remember having used something in the range of couple of hundreds MHz.

Transmitting electromagnetic waves can interfere with other systems and therefore this is regulated by the government. I try to be a good citizen and used a frequency which is used in the short-range and does not require any permission from the government.

Tip

Take at least two minutes to think and research about the questions before you look into the solutions.

Which frequency may they have used?

Maybe you remember from other courses the industrial, scientific, medical (ISM) radio band. Examples for ISM applications are RF heating, microwave ovens. Obviously these are not for telecommunication, however these applications may disturb telecommunications. Probably this is the reason why this band is not regulated – if you use it, then you may see interference and you have to deal with this problem. In the linked article above you see 433 MHz, which fits to the hint.

Wikipedia is a secondary source. Let us be more stringent and look for a primary source about frequency regulations.

European Conference of Postal and Telecommunications Administrations (CEPT) coordinates telecommunication- and post-related affairs of member countries. One component is the Electronic Communications Committee (ECC). A large group or body typically requires support for tasks like communication, coordination, documentation, etc. The body which is responsible for this tasks is called secretariat, which word you probably know from daily life. The secretariat of ECC is the European Communications Office (ECO).

ECO provides a tool called ECO frequency information system (EFIS). Use the quick search feature and select:

• Frequency

  • from: 433

  • to: 434

  • MHz

• Frequency table: Denmark

• click Search

You should see text similar to:

Applications:Amateur, Amateur-satellite, Alarms, Model control, Non-specific SRDs

432 MHz - 438 MHz: 5.138

When you hover on the Footnote 5.138, you will see a list of ISM band frequencies, which confirm that 433 MHz is in the ISM band.

Amateur indicates that this band may be used by licensed amateur radio operators. You can get a license you have to pass a test organized by the government.

So, you cannot transmit radio waves without getting a amateur radio operator license?

No, you can, but only to a limited energy which ensures limited interference with other devices, e.g., in context of an SRD, which you also see in the excerpt above.

SRD stands for short-range-device. Let us be stringent again and search for government-provided information.

EFIS, which we introduced before, has helpful information on SRDs:

• Click on the top right corner on the Information. A drop-down menu should appear

• Click on Short Range Device Information (link). You should see a long list of sub-documents belonging to the document ERC Recommendation 70-03.

An excerpt from the Recommendation Text:

The term “Short Range Device” (SRD) is intended to cover radio equipment which has a low capability to cause interference. The use of SRD is usually covered by general / non-exclusive on a non-protected, non-interference basis. …

The short-range can be ensured by limiting the power used for transmission, however the effective power in the air will also be dependent on the antenna. A device with a high power but no antenna will typically reach a smaller radius compared to a device with less power but directed antenna. That is the reason why the engineers don’t simply speak of power of RF devices but introduced the concept of effective radiated power (ERP), which is standardized by IEEE.

Below Recommendation Text, we find ANNEX 1 about non-specific SRDs. An excerpt from this document:

Band	Frequency Range	Transmit Power	Duty Cycle	Additional Notes
g2	433.05MHz - 434.79MHz	1 mW e.r.p.	No requirement	Not specified
g1	433.05MHz - 434.79MHz	10 mW e.r.p.	≤ 10% duty cycle	Not specified
g3	434.04MHz - 434.79MHz	10 mW e.r.p.	No requirement	≤ 25 kHz

Why do we have three different rows for the same frequency range with two different Transmit Powers?

We see that the higher transmit powers have additional requirements. If we want to transmit 10 mW ERP instead of 1 mW, then we must either limit our duty cycle or bandwidth around the frequency that we use.

Duty cycle is the relative interval in a transmission period where we utilize the band. A low duty cycle leaves other RF transmitters time to transmit data.

What does around mean? When we use radio communication, we typically use a constant carrier frequency as a base and change it according to our needs to encode information. We can for example encode information by varying the carrier frequency or signal’s amplitude. But we want to limit how much we increase/decrease the center frequency, because we want to be a good neighbor. ≤ 25 kHz above is this bandwidth limit and means that we may use the frequencies 12.5 MHz on either side of the center frequency.

Let us put the knowledge we got together. The center frequency is probably from 433.05 to ~435 MHz. It may spread about 25 kHz and can have a duty cycle – assuming that the professor is a good citizen and did not make any mistakes during the night 🤞.

How do I find the carrier frequency?

We should first search for some signal activity in the spectrum we tuned to. The signal must be larger than the noise so that we can pick the signal up. For example, the following figure shows five peaks in the tuned spectrum:

Fig. 1 Gqrx screenshot showing five peaks in the spectrum above and waterfall diagram below
CC BY-SA 4.0. By Fellegis. Source: Wikimedia Commons

First we tune to a specific peak and then we can try to demodulate the signal.

What is the advantage of the flowing diagram below?

It shows us how the peaks change over time. Besides the spectrum above, this diagram can be useful for finding the signal. The signal should become gradually darker when we move away from the signal.

Blue areas indicate weak or absent signals, while higher signal power appears in red. The colors transition like blue water slowly flowing downward—doesn’t it? This visualization is called a waterfall plot.

How do we demodulate?

We should first know the modulation technique used. Gqrx already provides some. Try these.

How do we demodulate using GNU Radio?

To understand the building blocks of demodulation, let us try the demodulation with GNU Radio.

The following flow graph can demodulate the signal. You had already an introduction to GNU Radio and should be able to recognize some blocks. Let us shortly analyze it, even we will introduce some concepts in the next chapter in detail.

Fig. 2 Flow graph for demodulating an analog signal. gnuradio/am_decode.grc.

Exercise 4

The sound may be too weak. Make the voice signal louder.

Tip: Use the GUI Range widget to create a volume slider.

Exercise 5

Create a spectrum analyzer that shows you similar output to Gqrx — with a frequency spectrum window and a waterfall diagram.

Homework

Create a table of all SRD frequencies that you may use for data transmission without license. Include requirements like duty cycle and bandwidth too.

Further resources

• Outdated Gqrx-related documentation

• Details about ADALM-PLUTO, e.g., where does the name come from and internal details.