 Without further ado, we have Schneider here talking about GR iridium. So please give him a warm welcome. Hi everyone This talk will be about GR iridium our new radio out-of-tree toolkit to receive stuff from iridium And just maybe quickly about me. So I'm from Munich with the CCC there for now over 10 years have done first blinky things and then more Electronic embedded stuff the badges for the camps was involved there and around four years ago Started to look together a sec also someone from the Munich CCC into iridium This talk will be as mentioned mainly about the out-of-tree module. So it will be rather technical and more about signal processing part and how to effectively do this on a Not that modern machine anymore. If you're interested in how does iridium work? What kind of data can you see there? How to use the tools and everything I suggest looking at these two talks. We especially the last one from the 11th Hope Gives a good overview over the whole tool chain because the tool chain doesn't exist out of Doesn't only consist out of GR iridium. That's also the iridium toolkit written in python Which is mainly there to make sense of the receive data So quick introduction to iridium. It has been up there for now almost 20 years I guess a few satellites are up 20 years already it provides a number of different services data voice SMS pagers Short burst data which is more for machine-to-machine communication and lots of things You couldn't even count all of them at least I can't it has 66 logical satellites especially the older satellites they sometimes Teamed them up. So you'd have two satellites moving along close to each other and both of them slightly defective, but You put them together they make up for that and then you have like still one satellite It looks like one satellite to the receivers They are at the moment in the process of replacing all of these satellites with the iridium next satellites because these have reached the end of their lifetime and So iridium is there to stay and still probably for many years to come an interesting thing to look at Gareth Just was on the amp hour talking about using iridium for tracking tuna fishing buoys and He mentioned that yes, so When they were thinking about security for iridium They just said okay It's just going to be very very difficult to do because there's a huge Doppler shift and it's so complex and only Yeah, the most determined adversaries will be able to do this and yes, I mean we were determined and It took us roughly half a year to get from we have no idea about anything to we can at least decode something and From that point on together with the help also from the osmo-com people which do open source mobile communication in Germany It went pretty quickly from decoding one-way pages to decoding voice calls And No, that's all super interesting. I want to talk a little bit more about the single processing here, so we're talking about SDRs here software defined radio and Just to lay down a few terms here the most basic piece of information you can have there is a sample and a sample is in The world of SDRs made out of two numbers the in-phase and the quadrature component and we'll get to talk about that in a second but it's like the single piece of information and your SDR gives you a few millions of these per second and We would call that the stream so a stream is a number of samples coming in one after each other over time and that's what your algorithm is looking at a Burst is just an increase in energy in this stream. It's just says okay Something just came in there's something going on. We don't know exactly what yet, but We might want to look at this and in this picture over here Frequencies on the x-axis and energy is on the y-axis you can see these peaks here and Each of these peaks over time is a burst so it goes up and down and up and down and when energy goes up We have a burst These bursts contain symbols a symbol is the smallest entity of like actual data which can be in there and if you Assemble multiple symbols together you get a frame So not every burst contains symbols might just be noise, but burst coming from a radium satellite will contain symbols So this thing down here is an example of an iridium frame as it looks like in the waterfall It's just over time. How does this image evolve and you just have a preamble with some static content and then the actual data and if you throw this into our tool chain You get this thing with just zeros and ones coming out of it And that's where the out of freedom module stops and if you put that into the iridium toolkit It will decode stuff and will tell you okay. This is from following satellite and contains unnot sure pager messages or Ring alerts for a certain device iridium uses just slightly over 10 megahertz of bandwidth It starts at exactly 1.616 gigahertz. Then you have 10 megahertz of duplex channels This is where the actual voice data is and Where most of the stuff happens in these 10 megahertz you get 240 channels and Above this you get some special channels specifically the ring alert and the pager channel which have higher power they are there to even reach into buildings and You know at least ring a phone or deliver a one-way pager message to a pager, which is maybe sitting behind a glass window We originally started look just looking at the pager channel This is what we were interested in because you have these passive devices They just receive something and we were wondering who would use that and I mean you can you can guess I guess so And this is what it then looks like you have this is the animation time this goes up as a bird and You get hundreds of birds per second maybe a thousand of birds per second and This is then starting to demand a little bit of Computing power so here we zoom in a little bit and you can see there's channels here and and We get data from two different satellites right now and you can see that the The red line which just stays up if there's a burst It's it's wider than a single burst and what you can see here is the effect of the Doppler shift So the satellites start to come towards you then they're Just on top basically and then they leave you again and what this produces is a Doppler shift So this is the frequency a single satellite produces on this channel and first It's high and it starts to get lower and lower and lower and then tapers out over here And when it's just above you it the rate of change is the highest The big of an issue bit of an issue here is that the Doppler shift is larger than a single channel So you cannot just by looking at a frequency say okay? This is this channel or this is that channel because they overlap and This is actually what they were talking about in this slide so the Doppler shift makes it all so difficult because you You know you have to track all of this stuff But we simply decided to let's we'll just brute force it basically every time something comes in will just to decode it No matter in which channel it is and we'll just look at it afterwards. So that's the beauty of SDR You don't have to limit yourself to these specific filters or a certain You know how people fought in the beginning how you would do this You can just throw a little bit more computing powered it and then just go around the corner So how does an iridium burst look like you first have some unmodulated carrier it's different for the uplink and the downlink and then a unique section which identifies this as a Iridium frame every iridium frame contains the section So if you find it in a burst you can be sure this is an iridium frame and then later on most of the stuff here is the payload which is in a little bit higher a Range of modulation and now we'll get to a quick primer about IQ signals. So I mentioned that SCRs give you samples and they have an eye and a Q component and in face and a quadrature component Usually you would draw them on a On a complex plane. So you put the Q component up here in the eye component here and Every sample you get gives you a dot on this plane And to quickly give you an overview of how this then looks like Hope it's visible. Okay, so we have a signal. It's at 0 Hertz and With IQ signals you can have positive and negative frequencies There is no Special magic about that. It's just that you maybe tune somewhere in your frequency band Let's say at 1.6 to 6 gigahertz and you grab 10 megahertz of it Then you get minus 5 to plus 5 megahertz in your spectrum that you get out of there And this dot right here is our signal right now. It's on the complex plane. It doesn't move But if I give it a little bit of a frequency Positive frequency in this case you can see it it starts moving counterclockwise. So constant movement means frequency and I can also go around and Get it to stop again basically and Just change It's angle using this slider. So here I can just drag you around on the plane and that's just a phase offset so if you have phase shift keying what will happen is that this Dot just jumps around in the plane and every time you get a New symbol it might just get a little bit of a phase offset and then it jumps from one place to another place and If you add a second signal to this because this is just a single frequency What you get is that it's just superimposed So now I've added a little bit weaker signal with a higher frequency and it will just rotate around The already rotating point. It's like a you can it's almost like planets and moons rotating around each other so a A fixed rotation somewhere here is a phase shift if it keeps rotating you have a frequency shift and The distance from the origin here is the amplitude. So the further away from the origin the more energy your signal has and Sometimes you also see plots like these so we have a red line and a blue line here one of them is I one of them is Q and They always come in pairs and every sample here gives you one of these pairs and over time you can then see how the signal evolves so an iridium burst in this view will look like just Concert energy on both channels then you get the unique word which identifies the frame and here the blue and the red signal I and Q they go together they stay on top of each other and you only have high and low And this is the unique word and over here in the payload you can see they start to Diverge from each other. So sometimes you have the red one on top and the blue one on the bottom or the other way around and this means here Every symbol can encode four different states or two bits and over here every symbol can only Encode two different states or one bit. So this is binary shift keying and this is quadrature shift keying So how does the whole thing work you see in the animation where the peaks went up and down and If you just you know flatten that out basically and up here is The beginning and over time it evolves in this direction here You have the frequency and the brighter it gets the more energy you have this is called a waterfall and The first thing you do is you run an FFT which gives you basically this picture for For the algorithm and you just pick out some region where there's energy and let's say we want to have a look at this This thing over here. This is the signal. We're interested in and What we do is we just detect the energy We cut out a little bit of our signal we leave a little bit of noise in front and we Leave a little bit of stuff behind so we are sure that everything is inside it and we just marked the frequency where this burst happens then What you do is you rotate the whole thing so everything which was on the left over there Just rotate it in on the right and the signal which was over here We've just moved over here into roughly the middle of our spectrum This makes it easier for the algorithms to work with the signal almost all signal processing algorithms which operate on these signals expect the signal to be roughly centered at zero Hertz. This is where they want it and This is the first step to just roughly get it there next step is We put a filter around it so we throw away everything which is on the sides and then we actually also Reduce the amount of data which we are processing by just taking every tenth sample for example This gives you just the information in the middle and you can throw out the rest which makes it easier to Handle all the data which is coming in because we're still talking about like a thousand bursts per second here then it gets easier to Look at the signal and you just have a look at okay. Where does the energy actually start you cut away everything above it and Then the nice part about an iridium signal is this unmodulated part up here Which makes it pretty easy to say okay, we'll just take a very fine Frequency estimation over this thing and this will give us a much better estimate of Where is this the signal Located where zero Hertz because you can see that over here the INQ components. They form these sinusoidal waves, which is an indication. It's still rotating a little bit in the plane and After moving it exactly in the middle. You see there's no change anymore in the INQ part They're not on top of each other, but at least they're not rotating anymore. There's somewhere in the plane So what do we do? We rotate the whole thing so that these two two components are on top of each other and then you can start to see okay over here is our unique word we can correlate against that thing we know how it should look like and we just Basically run an algorithm which looks for this Pattern and as soon as it finds this pattern it produces a peak and says exactly at this sample this pattern appears and Now we have everything we need we have we know exactly where does our signal start? We have rotated it nicely so that we can directly look at each single symbol there and decide is the blue one on top and the red one on the bottom and then it's a 0 1 or the other way round and Get to a stream of bits. That's all we wanted. So Looks nice in the pictures and in theory, but how do you make a computer do this? Well, that was a Lot of work and back at the 32c3. We had something implemented in python So it we prototyped all of this stuff in python. It took us roughly I guess one and a half years or something like that and What we had done was so the str comes in you put everything into the fft. There's a burst detector which Just looks for the energy and then I mentioned you look for the energy and then you cut something out of the signal These cuts were put into a queue but every single Once of these cuts was roughly one megabyte of data. So you get a whole lot of Potential iridium frames in here and then it fans out into a Chain of filters and decimators the down mixer who was just doing you know shifting it over and Removing all of the excess Data finding the start and everything and then just demodulating the the data at the very end So we were doing to do we were able to do about two megahertz of spectrum using this and Not that 10 megahertz that iridium actually uses So I Set down and thought okay Probably it's a good idea to re-implement this in C++ and new radio Because why Python is really nice to prototype things. It's and it's still not the fastest thing to work with even with NumPy And also what's very nice about new radio is the echo ecosystem So you get things like the Osmo-com source while in this picture the SDR is actually Plugged into this thing via a Unix pipe and it's an RTL SDR pipe Python script You know radio offers you real integration with Good SDRs, which also can do more. So it was a pretty easy decision to to go for it Though the thing is that new radio It doesn't really want to work with the stuff we are working with to work with constant streams of things it It comes from a world where you have an Analog stream of voice or TV signals or something like that and it just goes on and on and on though iridium burst a Change in frequency. They're there. They're not there and you don't want to run 240 decoders all the time Especially also with the Doppler shift so This wasn't that easy Also the blocks which decode stuff actually want to have some data They want to synchronize on it and then they might throw the stuff away But from that point on they can fairly easily decode the rest though That doesn't work for us either because every burst you have to basically decode from the beginning and you cannot throw away data then People who have worked with new radio companion might know that you have to click a lot and if you want to let's say Do the brute force with the 240 channels you have to click 240 things That's not ideal. So you actually want to build the flow graph which New radio is made out of programmatically and not in the radio and In general, it's very high effort. So I would still recommend to not do such a project In ready to begin with like when you start out But do prototypes in Python and then only when you know what you actually want to do doing radio No, no radio has nice things also I Mentioned the stream and it's made out of samples and but you can add meta data to each sample they they call it tags and This might actually be nice to say to say, okay, here's something starts or it's actually at this frequency and you can No build blocks which do stuff and have a bit of a bit of intelligence in there and then a stream comes out of it still a constant stream but at least it contains some information about what's going on in the stream and Then it also has the concept of PDU's and a PDU is Not a stream anymore. It's more packet based It can be arbitrary data in there but usually would put in a block of samples and then the metadata describing what's in this sample and and very important also that is That radio gives you access to lots of digital signal processing algorithms, which are pretty fast, especially the fault library, which directly Helps you to optimize things because it looks at your architecture of your machine and it chooses to the optimal algorithm for your machine So it might use some AVX instructions here and just the MMX instructions over there Which is really nice, and you don't have to think about this anymore So after 32c3 we started to work on gIridium or basically I started to port whatever we had in Python over there and Yes, some people took it up and also wrote some nice UIs for it So you can see what's going on and make statistics for it and it took roughly Three months to to get it working. So it was much quicker than prototyping in Python But steep learning curve still So this is a very basic flow graph Which is implemented in gIridium So you first have the FFT burst tagger this thing looks for the peaks and the signal it marks them then this block is only responsible to Cut things out of the stream Produce PDUs which go over here this whole block does all the moving and Decimating and filtering and looking for the stuff and all of this stuff. So it's the most complex block of all of these and it outputs some more PDUs into the QPSKD modulator which basically just does the okay, where's the red line where's the blue line and Outputs something on the standard out So we're going to look at these different blocks first the FFT burst tagger then Okay burst tagger so what you do is you do an FFT and How an FFT works is you put in let's say a thousand twenty four samples and Then it tells you okay. You gave me a thousand twenty four samples I'll give you on my output one thousand twenty four frequencies and I'll tell you how much energy is in which frequency We build an average out of that So we know roughly where's our noise floor? Are there any constant transmissions in the region because we don't want to trigger all the time on to some Interference which is coming from I'm not sure some cell tower or something like that which is constantly there So we just take an average it gives us an idea of what does our environment look like But we also feed it into the energy detection. It just compares the instant FFT against the average and if the instant goes above the average we have a peak All it does then is okay the sample where the peak gets detected gets tagged with roughly which frequency is it and Which burst was detected and down here. We also have a block which Bypasses this stuff. This is just a delay block so this stuff looks a little bit in the future and this is what actually then comes out of the end of this thing and it means that The burst can happen it can rise we detect it somewhere and then When the delay signal comes along over here, we can actually say okay roughly here was the beginning. Let's tag it What comes out of this thing these are the only lines of code you'll see in here except for the other Blocks as well we give it an ID So the whole thing can be tracked through the whole Flowgraph, this is good for debugging, but it also helps in sorting the stuff later on It will tell you roughly what was the frequency where's the center frequency of the signal how strong was the burst and At which sample rate was this taken and if the burst is gone again We just say okay this ID which we've found over here Is a way so that the next block down there The burst tagger can say okay if the The ID comes in I'll start collecting samples and if the ID goes out. I'll stop collecting samples And I'll just publish a PDU over here. This is pretty simple. It just keeps a list of currently active bursts and Multiple bursts can be active at the same time on different frequencies So you will have a list of bursts multiple ones which are active at the same time and when one of them goes out It just spits out a PDU over here down to the burst down mix. So it keeps the ID and Basically all of the other stuff the only thing it inserts is an offset and the offset is Basically a timestamp How many samples into the stream is this PDU old the burst down mix now is the more complex thing You Do a CFO that's the center frequency offset estimation. This is just the initial FFT Then the destination finding the start Doing the fine center frequency offset We square the signal here, which means we multiply it by itself That's useful for uplink signals uplink signals have a slightly different preamble and It consists of two tones But if you square the signal Outcomes a single tone. That's how the math works and it works both for uplink as well as downlink Which is nice for us because we don't have to distinguish between them anymore here can just square it rotate a little bit more a little better into the into the middle then we can look at is it's an uplink or a downlink and Blah blah blah do all the stuff I've mentioned before publish a burst and say Okay, I'm done with this burst Yeah, I'm not sure right now. I'd have to look at the code, but probably yes Oh, it's it's a complex multiplication, right? You have these I and Q signals you treat them as complex numbers. You just do complex multiplication of IQ That's what's happening. The saying done over here is pretty important because if I just quickly go back over here There's a back channel here It's this arrow which goes over here because New radio keeps a Q between this output and this input and there's no limits to it and The sender can actually not see how much is on my output How much of this stuff has already been processed and if you don't have a back channel? You just fill up this Q you fill up all your RAM and suddenly your machine freezes Great, so this this port over here, which goes back there just signals. Hey, I'm done You can count that one of the out the PDU see if gravy on your output has been processed and if you want to Limit the number of burst which is in this Q over here. That's the only way you can do it So right now for example, this produces maximum 500 outstanding burst Okay, what's coming out of the burst on mix then you have Decentrate it might have changed because we did some decimation Center frequency stays the same direction tells you if it's an uplink or a downlink It tells you exactly where is the first sample where the unique identifier starts and Offset is still an indication of how old or at which time this that this frame appear in the stream the QPSK demodulator first decimates the data and It decimates it to one sample per symbol that means I mean you're only interested in is the I compute the I Component high and the Q component low or the other way around or they both low both high You don't need many samples to do that, but for the signal processing and to look at the That's at the signal as a human. It's nice to have more points in between so While you have these Now you can see this thing goes down. There's lots of points and it goes up again Actually these points here in the middle or these samples are not of value. They don't have any additional information You're actually only interested in okay over here here and here you because you can see that There's some periodicity to it and you only need to sample this sample this sample in this sample So the first thing we do is we throw away everything else, but How do you actually figure out? Which one of these is now where is the right point to sample and that Was told to us by this Unique word start thingy that comes out of the burst on makes it tells us exactly which sample is it that we Should start with and then you know exactly. Okay. It starts over here and we know exactly our sample rate So we know on this this this in this sample Everything else we can throw away Then we remove any remaining frequency offset and here I have to say that Most of the stuff we do here you could do quite differently It's just the easiest way we came up with to do it and a Real receiver wouldn't do it like that and I'll quickly talk at the end What a real receiver wouldn't do here? So we remove the frequency offset and I mentioned that The samples you can draw on a complex plane and a perfect qpsk signal would just do this it just one was around on these four points and We've decimated it already to one sample per symbol. So we just look at each one of them after each other and you can say, okay So it starts with 1 1 1 0 0 1 0 0 fine everything perfect But if There's a frequency offset. What's happening is this your point starts to rotate it doesn't reach this point anymore perfectly, but it Rotates a little bit on the on the circle and every time there's a sample it rotates a little bit more up until the point where it actually One was from this quadrant over to this quadrant and now your decoder will probably say this is not a 1 1 anymore this is a 0 1 and Everything you do will be skewed from that point on but there's a pretty easy way to rectify that you just take You look at your your sample and you say, okay It's over here, but it's in this quadrant. So I'll just note that this was around 20 degrees off and Just remember that and the next time a symbol comes in Which is the red one over here? I know already I have to rotate it by roughly 20 degrees You get the yellow symbol and then you look again at which quadrant is it? Okay. It's this quadrant I now know by looking at the distance on these two It's 40 degrees off and you do this over and over So in the end you you get a signal which has been corrected in terms of frequency You get perfect symbols. They're always at the right 45 degree angle Next thing is to demodulate the D in the D QPSK that iridium sense. So so far. We've always talked about QPSK But iridium actually sense differential QPSK What does this mean? It's actually the transition from one point to another point which could base the information. So If this point goes over here to 0 1 if it goes over here It's a 1 0 and the nice thing about this is that if even if you rotate the whole thing Let's say by 90 degrees if it goes over here. It's still a 0 1 if it goes over here. It's still a 1 0 This is useful if you don't actually know Which way it's oriented right now? We in our Flow graph don't need to do it actually because we rotate everything already in the burst down mixer But a real receiver actually doesn't have to do the frequency offset removal It just has to look at how is this thing jumping around it doesn't need to do the first step there, but for whatever reason we decided to Remove the frequency offset and demodulate the dq sp just in on a bit level basically It has the advantage that if you look at a signal which passes between these two blocks It's easy to say with your Pure eyes that okay. This is an iridium signal. I know what it's doing That's the only reason why did it this way So what comes out of this thing it converts the offset into an actual time stamp in milliseconds You get the center frequency again the ID which came out of this stuff It gives you a confidence and the confidence is directly based on this stuff. So if the After received symbols straight too far away from the ideal position we lower the confidence And you can usually see that with signals which aren't that strong anymore that the confidence goes down we Give it a percentage and a 100% confidence tells you that the symbol was always very close to the ideal position And when the confidence goes down, you know, there was lots of noise on there and it didn't work that well anymore now the So graph you saw before basically looks like this you have the source you have the burst tagger You have to burst your PDU then there's the internal radio queue burst down makes a QPS key QPS KD mod and While new radio gives every single block of these its own thread This flow graph will only Give you roughly Two cores will max out roughly two cores on your machine because mainly the burst down mix over here will limit everything it's the most complex block and It will just take one core to constantly spin and the rest does nothing so We fought back to our Python to a chain. How do we how did we do it there? Yeah? Well, you just Have multiple burst down mix and the queue before it stays the same and they can all share the same QPS KD This works But the problem is that at this point over here You get enormous amounts of data because the FFT burst tagger every time there's a burst and there can be multiple burst at the same time issues some Some PDU and you easily get over 10 gigabits per second of data just flowing between your course now and I believe that was slowing down everything here But new radio has a nice component It's the polyphys channelizer, which will help us here a lot And that was also one of the reasons we chose can radio because to make use of this component I'll give you a quick demo of what this thing does. It's a very cheap way in terms of Computational effort to split a single stream into multiple streams so Done here. I have a signal at zero Hertz and up there. There's three different channels Which are the output of the filter bank and if I move the signal it moves from one of these outputs To another output and you can see that each of these outputs has now one third of the width of the original input signal which makes it very nice as It allows us to Put all of the stuff on each of these outputs, but each output has a lower sample rate There's less data. So if you take a one millisecond Span of samples over here you have just one fifth of the data on a one millisecond Spend of samples over here which lowers a lot the the data rate between the different course Though a bit of a problem is that this filter bank it has very sharp edges We know though that the Doppler shift can just fall between different channels So if you have sharp edges on these channels, you might have a signal or a burst which falls between two channels And it will get lost because one part of is in one channel and the other part is in the other channel So what do you do? The nice thing is here you can have an overlap you can design these two filters in a way that all these two channels that So same thing again At a signal if I move it over here It starts I moved the wrong slider Parameter is wrong So if I move this the signal around you can see in the middle in the stream it it moves to the left as usual But here it starts to appear already over here And if you imagine that this thing was a little bit wider a few kilohertz wide it's already in the reach of this channel and About to go out on this channel and this is how we can decode stuff which has a Doppler shift It will just potentially decode on multiple channels But it will for sure decode and later on we just throw away the duplicates I'm not going to go about the design of these things because we probably don't have time for that But this is how it looks now We have the FFT burst tag and then it goes back in the polyphase channelizer and Which outputs a number of streams of them having slightly lower sample rates And now we only are around at three gigabits per second between these two blocks and This now allows us to on a single core. Sorry for core machine from 2010 decode the whole band. So we feed it with a 10 megahertz wide signal and it produces in its peak up to a thousand to two thousand actual Iridium frames and 20 to 25 millions per day. This is what we see in Munich. I Could imagine that in a more busy area. Let's say a Harbor or close to the coast you would see more depending on what's going on. It's pretty much exactly making use of the four cores and Still sometimes over close but very seldomly at least for us in Munich. So good enough for us And anyone who wants to have a bit more performance can just Buy now buy more cores, right? So that's fine Looking into the future this approach will have its drawbacks Iridium next will have new modulation types There's a few FCC documents which which describe that and They are talking about up to 240 kilo symbols per second So right now we are over here We are at 25 kilo symbols per second That is what Iridium on a single channel at the moment and they're talking about roughly Times 10 over here and bit of an issue is that our current tool chain It does not track the connections So it just assumes everything which comes down and is a burst is that 25 kilo samples per second of Kilo symbols per second and twice it and if it doesn't work, it didn't work if it worked. It's fine But Iridium next will have new modulations and the current tool chain will not know how to deal with them Nor will it know that a specific traffic channel maybe from some satellite actually is on this new modulation We'll have to see it's not live yet I haven't seen any Iridium next frame on the air yet, but the moment at least they will Be in the air in Munich will start to have a look at that What else so You can spend an enormous amount of time on this stuff also the layers There's dozens of services on Iridium and we had a look at voice data pages SMS the GSM layer there But there's still lots of stuff. We don't know about We have no intention of looking at this stuff anymore because it's just like, you know One more service one more niche thing that Iridium supports though. There's one thing and that's Iridium burst Which is going to I think it's active. I'm not a hundred percent sure. It's a one-way communication channel again where you might Have a burst which is Global where you can say from your web browser or somewhere I want to send down this signal across the whole planet and every receiver which is Authorized to receive it should receive it and no do something or display something. We call it Iridium burst and they In fact over here say only authorized devices belonging to the specified recipient group can unscramble the transmission Unscramble so I don't read the crypt or anything like that here I'd really love to get my hands on an Iridium burst device and see what it does So if anyone you know works in the field and has access to this stuff or can make a recording We would be very interested The application like whoever uses this stuff must have very interesting applications, I'm sure All right, and then Maybe just something which I gave this talk already once in Germany and someone mentioned. Hey, why don't you you know? You could do these polyphase filter banks with such a lot of channels and maybe have one per satellite and just track the satellite We're not doing this here, but it would be certainly a possibility We're not tracking any kind of Doppler shift here like we were treating reverse equal and no matter from which satellite it's coming and which kind of Doppler test, but I Could imagine just a completely different layout of this thing which is more efficient and Can track multiple satellites at the same time using these polar phase filter banks, but we just didn't So Yeah Okay, so the question is about basically predicting the Doppler shift. So can we use additional information, which is not what we receive from the satellites to predict what kind of Doppler shift a satellite will have? And yes, you can do that for sure. So there is a NORAT tracking basically every satellite and you get these two line entries or TLEs, which you can use together with your current location to predict how the satellite will move relative to you and that's all you need to predict the Doppler shift. But for that you need to have an internet connection and after they TLEs they measure the satellites I guess once per day or something like that and they quickly get outdated but it would be easy if you just have to TLEs of all radium satellites you can directly say okay at this point in time the satellite will come up to horizon it will have that Doppler shift and just you know programmatically shift the Doppler shift around absolutely. Though I mean I use this stuff every now and then you know in a car or somewhere just you know plug the thing turn it on and then I want to have some data I don't want to get online and get new TLEs but absolutely that would work. So specifically for a stationary receiver that would work yes. Anyone else? Again? Question is if iridium nexus is a public standard so none of this is a public standard neither iridium nor iridium nexus all proprietary there of course are specifications but they are kept within iridium everything we did was based on looking at bits and trying to figure out what's going on so I do not expect anything coming from the iridium corporation which will detail how iridium nexus actually works except you know anything they they're forced to do so this table is out of a rather comprehensive PDF which describes the beam patterns and the used modulations and stuff like that but that's where it ends it never tells you what's inside there how long are the bursts what kind of error correcting correction is used. Fun fact also the whole internet says that iridium is using a convolutional code to protect its stuff I mean in terms of error correction but that's just plain wrong it never does nowhere maybe between satellites but like everyone is copying this information from everyone else and everyone thinks it's true but just isn't. Which frequency is the entire satellite communication? I'm not sure but it's somewhere I'm not sure between 18 and 25 gigahertz something like that so can can we you know listen on that basically at which point we've never tried it's I you know it's not magic right but I'm not sure it depends also on how tight their beams are between the satellites if you can look basically you know just at the horizon and and catch one of these beams I don't want to say no it also crossed our minds obviously but I think it's going to be pretty tough if possible at all question is when we went from our Python implementation which it was already parallelized at that point did like two megahertz or two and a half megahertz of spectrum and moved to the GR radium one how much improvement was there I don't know anymore to be honest it's easy to try you just set decimation to one which means no decimation and you get like the initial thing I showed but yeah I don't know any more question is how much improvement was there from going from an RTL SDR to a like more professional grade SDR and what I can say about that is that at the moment we're not using a professional grade SDR at all so we were using the radio batch in Munich and it's a formidable radium receiver really you are more interested in the antenna in fact so this is a modified GPS antenna with the GPS filter removed an iridium filter inserted and also the patch antenna changed to an iridium one and this is the most important part of the system it's not so much how much dynamic range does your receiver have it's more how good is your antenna so this thing has 8-bit ADC also just as the RTL SDR has and we've tried with a blade RF which has I think a 12-bit ADC and it didn't give us really significant improvements so that's what I can say about that all right thank you happy hacking