 Okay. Hi everyone. My name is Michael Scurrito and I'm going to talk to you about how you can build your own radar system. So this talks a little bit off the wall I guess. You know, traditionally it's more security focused at DEF CON but I thought it was a pretty cool topic and I like remote sensing systems so I wanted to present something that I've been working on with some people at MIT. So when talking about stuff like this, there's going to be some amount of math. I mean there's not really any way to avoid that so I do apologize in advance but we're going to talk about it and hopefully I'll explain it in a way that you can understand pretty easily. But I didn't want to kind of overwhelm anyone with it so I'll try my best. I agree. So first of all, what is radar? Basically it's some way of looking at the world through radio waves. You're measuring something, you're sensing some sort of electromagnetic field and basically what you're doing generally is you send out a pulse and you look at the response. So radar used to be an acronym, it's become a word, it stands for radio detection and ranging and that's basically what it is. So what you might think of traditionally is something like these, I think that's a weather radar from the 40s or something. So that's kind of the basic idea of what people think but what you're measuring is essentially position of something, velocity of something, direction of motion of something. But the thing is you can actually do a lot with this type of technology. You can look at pretty much anything. I mean you can look at, like here we've got people, terrain like land surface, you can look at foliage, weather patterns, you can look at clouds, rain, ships, aircraft, spacecraft, like pretty much anything you can think of. So I'm not really talking about something like this but what we can do today is more something like this. This is an image of the capital, I guess this is a Sandia radar system but this is what synthetic aperture radar can really do with a nice system. So what we have is a 3D point cloud of the capital building taken from an aircraft. So why do it yourself? Why is this something that we could talk about now? And the reason that it's particularly interesting nowadays is because it's become extremely easy to do this and it's become cheaper than it ever was before to do this. And the big thing was the wireless revolution has given us access to a lot of hardware that used to be really expensive and pretty much only available to the military but the need for it in the commercial communication space means you can buy a lot of this stuff just off the shelf. And the other thing is for processing, all this stuff used to be done in analog. Nowadays you can just feed it into a computer and the computer will do pretty much everything for you. And I guess the main reason to do it yourself is because it's pretty cool, you can do some pretty interesting things with it. The stuff that I'm going to demonstrate today hopefully is not even close to the extent of what you can do. I just want to give a simple demo of in this space what can we look at? So who am I? I'm from MIT. I'm an electrical engineer mostly and the rest of the time I do pretty much anything else engineering or science related when I need to. Currently I'm working on RF remote sensing systems, not radar systems but actually weather instrumentation at MIT. And I have a pretty broad set of interests but a lot of stuff related to RF technology including RFID, communication stuff, imaging systems, remote sensing, wireless comm and security of course is a big interest of mine. And anything that can combine those issues is awesome. So I guess what I'm going to start with is talking about how radar works in a general sense. Then I'm going to go a little more detail like how would you actually make some of these measurements I was talking about with the radar system. After that talk about how you could build your own radar. Hopefully we can demo it if it works for me. I'm going to go into a little more about synthetic aperture radar which is basically a technique for taking pictures with radar and this is both 2D and 3D imaging. And then we'll go into maybe improving the design of the home built radar, what sort of stuff I'm looking to do in the future and what stuff I'd love to see some people here talking about next year if they did it themselves. So first with an overview. Like I said before, the basic idea is we transmit a signal and we get some kind of return off of it. So this is an aviation system. So basically what this is doing is it's spinning around, sending out a pulse and measuring how long it takes to come back. But it's not necessarily that specific. You could do a lot of processing with that return signal. And the key point here is that every radar system works on this type of principle. You're transmitting a signal from somewhere or somebody is transmitting a signal from somewhere and you're looking at how that reflects off of a target. And all this is governed by this thing called the radar equation which is this big thing with a whole bunch of terms that, you know, there's a whole bunch of stuff here. So basically what we're looking at is the function of received power versus transmitted power. And the way that that gets changed is, you know, we get transmitter gain, antenna aperture which is like how big your dish is, cross section, propagation factor refers to the medium that you're in. I actually don't really care about most of this stuff right now. The main point I want to make is this target distance here. So we have power over r to the fourth. That means that basically, you know, your transmit power doesn't matter that much. So the received power is going to decrease with the fourth power of the distance. So if you move by a factor of 10 away, like, you know, I guess my example here is if you receive a signal of one milliwatt at 10 meters at a kilometer that's 10 picawatts. It's really fucking tiny. So, you know, but that sounds kind of bad because it does severely limit your range. But at the same time, the system right here that I'm going to show uses about 10 milliwatts of transmit power. That's only 10 times worse than 100 watt radar which would be like the size of a car. So you really, you can get a lot of performance with kind of these low cost, like, simple systems. So where is radar used in general? It's pretty much used for anything. I'll go over a couple of applications. Air traffic control is a really big one. They use it for in-route tracking. So this is actually a picture from a website you can go to to like track flights live. It's kind of neat. So this is Las Vegas a couple days ago. It's used for weather measurement. It's a huge set of data for trying to track precipitation. So what's happening here is this is a Doppler radar image. So what it's doing is it's actually measuring the velocity of the rain or the hail or whatever it's looking at and the color is the strength of the return. So it's how much precipitation is there. But the other cool thing is they can figure out which way the storm's moving by the Doppler shift or the signal, which is why it's called Doppler radar. Another thing is, you know, police applications. They use speed guns to, you know, give you tickets and that sucks. But, you know, it's a lot of uses. On the automotive side, there's actually a lot more of the stuff. So anytime you want to kind of track things that are close by, there's radar systems there. Also light out at some extent which is pretty similar. But they're using it for cruise control now so your car can follow a certain distance behind the next car. Collision avoidance, your car will apply the brakes right before you hit something. Automated parking, which I think is in the Prius, uses radar to figure out where the parking spot is. And then, you know, autonomous vehicles in general are going to need a ton of this technology to figure out where they are in like the near space. It's used for surveying applications. So you can fly a plane over some terrain and get a 3D image of what the train looks like. That's pretty useful. And the military uses it for practically everything. They love radar. You know, it's hard to get some good examples but, you know, pretty much any system that involves, you know, shooting something somewhere or like looking at something or, you know, anything that they might want to do is going to use some sort of radar system. And like I said, it's kind of hard to get good examples. So why radio frequency? You know, you can, there's tons of sensing systems that operate from, you know, basically, extremely low frequency, maybe like tens of kilohertz, even lower, like tens of hertz, all the way up to visible light, beyond like X-rays and everything up there. So, you know, what's special about this frequency band? And by the way, what we're talking about is something in the range of 50 megahertz to about 50 gigahertz. So, and more recently we've been going up from there. But what's special about this range is we get pretty good propagation in the atmosphere. So we can transmit a signal that runs thousands of miles or thousands of kilometers. And it can go through the atmosphere through space, not so much through water because it's hard to propagate through that. And that's why we have sonar. But the signals are, you know, they can travel through clouds or smoke obscuration. To some extent, with certain systems you can penetrate the ground. And there's something called ground penetrating radar for searching for tunnels or wiring or anything under there without actually digging it up. The signals travel really fast, which is both a positive and a negative. So the plus side is, well, you know, it's, you're getting your signal there really fast. You can detect things really far away in a short amount of time. Like sonar could take minutes to go any real distance. But, you know, this is, oh, this is instantaneous. 300,000 kilometers a second, I think is like six or seven trips around the world in a second. And the other advantage is that the antennas are reasonably sized. So we used to use systems that were lower frequency, hundreds of megahertz, tens of megahertz. And anyone that does amateur radio knows how freaking big those antennas are. And if you want a directional antenna, it's going to be even bigger. Because that dish is going to be 50 meters, 100 meters. That is enormous. So we can build stuff with like, you know, a can. This is at 2.4 gigahertz. This can is what, three inches in diameter. And it's coffee can. So, you know, how do we build these radio frequency systems? The big thing is that it's hard to build circuits that operate at these frequencies. If you think about your computer and how hard it is to get the CPU to run it, you know, four gigahertz or something, that is a chip that's about, you know, three quarters of an inch on the side. It's trying to switch at that frequency and get a signal three quarters of an inch or less. And that's at four gigahertz. If we want to build something that's like a transmitter at 50 gigahertz, that's going to be really hard to like, do any sort of complex digital coding or modulation or anything like that. So the way that virtually every single radio works is what they do is they process the data at some low frequency. So like, if you have a, you know, voice like FM radio or something, the transmitter is just recording audio and it's processing audio. And then when it gets ready to transmit, it just magically shifts that signal to the frequency it's transmitting at, up to, you know, a hundred megahertz or something. And what this is called is heterodining. Radar pretty much works the exact same way in almost every case. So the way this works is there is a little more math here. So the trig identity that I'm looking at is the product of some role. Basically if you multiply two trig functions or two sine waves at two different frequencies, what you get out is the sum of their sum, the frequency of their sum, and the difference of the two frequencies. And you lose half the power basically in the process of doing that because the two signals are, you know, half. So what this is called is mixing. So what we're getting is, you know, the sum of different, different frequencies. So as an example, if you take your 2.4 gigahertz like Wi-Fi signal and you mix that with something that's very slightly higher, this is 2.400001 gigahertz, then you get something at about 4.8 gigahertz, which you don't really care about because, well, I don't know, I don't really need it. And you get something at 1 kilohertz, which is actually a lot more interesting. So I can measure very precisely what the frequency of that second signal is if I'm very good at measuring the first one because they're really close to each other. And, you know, I can get this 1 kilohertz like resolution for instance. That's pretty useful. So there's a device called a mixer, which basically multiplies some known signal with your unknown signal and it shifts it in frequency. And that, that's just magical. You can do, that's how radio is possible. So as a visual example of this, and we take two functions, which I just got an octave, you know, we have sine of t, sine of 1.1 times t. So that's something that's like 10% faster in frequency. If you multiply those, you get something like this. This is, what you can see here is the sum of two signals. One of them is a fast moving signal and the other one's a slow moving signal. So, you know, looking at in the frequency domain, it's the same sort of thing. And this is actually a relevant picture. So if you haven't done some stuff like this before, it could be a little bit foreign to you. But basically what we're looking at with these arrows is that's indicating that there's a continuous way of tone. That's the sine wave at that frequency. And it has no energy in any other frequency. So that sine wave in time is equivalent to that spike or delta in frequency. So in this, in this third example, what you get out is these two different frequencies. And as an example of this, you've probably heard this before. If you have a bunch of like case fans in a computer, for instance, you can get those really annoying like very time varying tones. So if you have something running like 6,000 and 10 RPM, you have a 10 RPM signal that's being generated acoustically between those two things. So you have some faster signal and then you have this slower one. And that's going to give you that like beating tone, which is really annoying. That's exactly what's happening there. So let's talk a little bit more about, you know, what we can measure here. So like I said before, there's a couple of things that we're talking about. Direction is like, you know, if I have some target, which, you know, where, where do I go to get to it? Range is the distance to the target and velocity is kind of how fast the target is moving. So then we can combine all these things into basically imaging. So we can use various techniques to generate a 2D or a 3D picture, which is what I'm calling this range and cross range domain of one of these measurements. And when I say range and cross range, what I mean is in the radar world, you're not, if you take a picture of like this wall, for instance, or, you know, that wall, whatever, your two dimensions are kind of like up and to the side. They're both perpendicular to you. The radar kind of flips that 90 degrees. So one of your dimensions is range, which is like how far away the thing is. The other one is like in some other axis. So it's cool because you can look from the side and then get like kind of an overhead view of what something looks like. So if we want to measure range, it seems pretty simple, right? We send out a pulse, you know, just hang it out and wait for the response and we just time how long that takes. So here's a visual depiction here. If we have a transmit pulse at time zero, then, you know, we're going to get some returns from some targets. And we're going to say one is like, I don't know, 15 meters away. One is 30 meters. One is 65. And so that seems pretty easy. We just look for it on like a scope or something. And the reason that this is hard is because the waves travel really fast. They travel at the speed of light. So we have this equation. The time it takes to get back is two times the distance because it has to go there and come back divided by the speed of light. Which means that at 70 meters, we're talking about, I guess that's 500 nanoseconds of time, which is pretty hard to measure if you want to do it easily. So if you're using a sound card, for instance, which is what the original version of this thing actually used to sample, that 44 kilohertz sample rate corresponds to a seven kilometer distance in space and range. So, you know, that's probably not going to work for most systems. So if we're trying to measure velocity now, and I'm going to go back to range in a second. Let's say we want to measure a person walking. Well, they move really slow. So it's going to be kind of hard to like see a real change, right? So the way this is done is with the Doppler effect. If we have something moving, like this is I guess the car analogy, you know, we have a car driving by on the road and you're standing there on the side of the road and you're listening to it. When it's coming towards you, you know, it sounds a little bit higher pitched, it passes you and the frequency suddenly drops and it sounds lower pitched. And that's because any sound being generated by the car is basically being like compressed in space as it propagates because the car is moving as those waves are coming, you know, emanating from the car. So it's a higher frequency tone and it's a lower frequency tone. So if we send a radar pulse, like what I'm calling a continuous wave tone, which is just a sine wave at something that's moving towards you, it's going when it reflects that it's going to increase the frequency because it's moving faster. It's not going to change the propagation speed because everything moves at the speed of light, you know, due to relativity, but it's going to compress it in time or in space rather. So it's going to increase the frequency of the signal. So, you know, if we had a 3 meters per second signal, we're turning that 2.4 gigahertz into 2.4 plus 24 hertz. So that's going to be pretty hard to differentiate. But if we have a really good 2.4 gigahertz reference, we can just mix with that and we get out 24 hertz. And I can see that on a scope pretty easily. I can measure that and then that way I know pretty accurately how far away the target is. And by the way, the previous example was kind of how radar first got developed. It was that's like basically a pulse radar. This would be called continuous wave operation, which basically means you're transmitting one frequency all the time. So going back to measuring range, if we're trying to see a difference in frequency, it's pretty easy. We can do that. And the really cool thing is if you take that into the computer and Fourier transform it, you can very easily get a plot of the frequency at, you know, versus power. And it's harder to see a difference in time just because we can't sample that fast. Or it's expensive to sample that fast. So what if we took the frequency that we're transmitting that we're, you know, we have plotted here and we just ramp it. So what that means is it's going to be a tone that looks sort of like this. It's, this is called a chirp. And what's happening is, you know, it starts out of the low frequency and it just gets faster and faster and faster and then it's done. And then it restarts or goes back down or something. So what happens with the return signal then if you're trying to transmit it at something that's far away is, you know, you get like, let's say the first line is a transmitted signal and the second line is the received signal. So you have, if you're looking at what you're transmitting at a given time compared to what you just received, it's going to be shifted by however much time it took between, you know, when you sent it and when you just got it back. And so that's some small amount of time. But if you're ramping the frequency, it actually corresponds to a difference in frequency. And then you can actually do the exact same thing. If you mix those two signals together using a mixer, you will get out basically the difference in frequency between the two signals. And what that means, you know, practically is let's say we have a 10 meter target or, you know, something that's 10 meters away. If we ramp over 200 megahertz in 20 milliseconds, which is reasonable, you know, it's something that we can achieve pretty easily. That, you know, point, whatever the hell that is, I don't know how long that is. But I think it's 66 nanoseconds or something. That signal turns into 667 hertz, which is in the middle of the audio range. I could sample that with a sound card and tell you how far away you are. So this is known as FMCW radar, Frequency Modulated Continuous Wave. And that's how, I think most of the systems work today. So then, you know, let's say we want to go a little bit further and then we want to take a picture of something. So there's a few ways of doing that. But basically, at a high level, what we're doing is we're basically just taking these measurements and just repeating them again and again and again in some different place or different orientation or whatever. So there's a few ways of doing that. One is just scanning. So if you've ever seen a big dish just spinning around repeatedly, you'll probably have seen them at airports before. All that's doing is it's a very directional beam and it's just pointing it out and measuring the responses back to try to find all the planes. And so it just scans and it, you know, just traces out a path. And it's exactly what you see on those old radar scopes where you have a line going around your little circular screen. So, you know, we've gotten a little bit more sophisticated in that sense then. So there's something called Synthetic Aputure Radar which basically means you can get better resolution if you have a bigger dish. But the problem is then you have a bigger dish. And the bigger dishes are more directional. So that's the advantage. So with Synthetic Aputure Radar, what you're doing is you're actually taking coherent measurements of the signal at different places. And you're trying to simulate having a larger dish. And, you know, the reason you would do that is so that you can get a finer resolution of space. So if you just point it in one direction, like, I think the beamlets on these things are like 40 degrees or something. So you couldn't see shit out there. But the idea is that you make it highly directional by simulating measurements from multiple places. And then you can kind of combine all those measurements together and get a, you know, range cross range plot. And I can't do that live right now but I will show you some pictures of that. And then another system is actually called Inverse SAR where you actually, you keep the radar fixed but you move the target. And this is if you want to get like kind of radar cross-section measurements of an aircraft or something. I'm not sure why you'd want to do that. But, you know. And then more recently, something that they've been doing is called, it's basically multi-intena beamforming. And beamforming is where you take a whole bunch of antennas and you, instead of having like a directional beam to begin with, you basically steer the beam with the antennas. And the way that works is you're basically adjusting the phase of each signal so that you have some flat front in some direction. And you can control that direction and scan really fast. And the advantage there is you have no moving parts and you can scan really, really quickly. And we use, you know, we use that for a bunch of surveillance applications. Like it's just, it's useful if you want to find things really fast. And it's much more, it's much more flexible than something you just physically scans. So, you know, let's go on to, you know, how you might build a system like this. So the home-built radar that I have here, which I guess if you wanna get a good look at it, I guess come to the Q&A room and we can show it off. The original design was by this guy named Greg Charvet. He's an employee at MIT and you know, I've worked with him a good bit and he's a pretty cool guy. So he really loves radar. And so he designed the system to be built as an MIT class. As basically a, I think it's a two-week long class where you just learn how to build these things. And it's pretty simple. The cost is a few hundred dollars, it operates in the Wi-Fi band, 2.4 gigahertz. And it's pretty simple to use. The downside, at least with the one that I built, is that it's actually really hard to get through airport security. They give you a lot of shit if you try to take something like that on the plane. What I was told when I went through the check-in was that, well, I flagged the guy down and I showed him this thing and he's like, what the hell's that? And I told him it's a radar and he's like, well, what's that? So... So you know, okay, you can look in here or something. And then, you know, his comment was perfect. He just says, it looks like a bomb. And I was like, well, I'm glad I didn't say that. But anyway, eventually they did let me through and I was able to get here. Hopefully I'm not on a watch list now. So let's try to describe how the system works. So this is a block diagram for RF stuff and I guess it's, that's not too hard to read up here. So this is how RF engineers kind of like deal with the world of circuit. So we don't, this isn't really a set of components. So, you know, I'll try to go through it and explain what's happening here. So the first thing is the thing that says modular, that little like spike thing is, that's the ramp generator. It's generating just a ramp in voltage, which gets fed to this thing with the curvy line called a voltage controlled oscillator. And it does exactly what you think. The frequency of oscillation is related to the input voltage. So you send it a ramp and it gets faster and faster. And that generates the chirp I was talking about earlier. There's an attenuator, power amplifier, which just makes the signal louder or more powerful. That signal gets split. And one of the, one of the copies of the signal gets transmitted out by, you know, one of these, one of these dishes here, coffee cans, sorry. The other one, the other part of the signal goes to that mixer. And that's what I said before was the local oscillator for that mixer. So then what happens is the signal gets sent out by one antenna. It gets reflected off of whatever. And then it comes back and the other antenna gets amplified again because it's going to be really, really weak now. Remember that one over R to the fourth thing I was talking about. And then it gets mixed with that known signal. So then it basically, what we did is we took the signal and we shifted it all the way down to pretty low frequency near DC where we could record it. With the original system for this used the sound card. I've actually changed that a little bit since then, but that's what's cool about this is you can literally build something like this and record your radar data with your sound card. And just process it on the computer with, you know, you're recorded with audacity and then process it in MATLAB. That was how the original system worked. And then there's this thing down here called a video amplifier. And what that does is it basically just takes that really small signal that's still pretty small and amplifies it a bunch of times at low frequency so we can feed it out to the computer. And there's two outputs to this. One of these is the sync pulse, which basically tells us when the chirp starts. And then the other one is the actual data signal back out. And then I guess the components are here. You can get the slides later. But these are all off-the-shelf parts from this company called Mini-Circuits which builds these things. They basically, they take a little chirp and they put it in a package and do all the testing to make it actually work. And then you just, like, screw on little SMA connectors to it. It's pretty cool because you just, it's like doing plumbing that you're building an RF circuit. So here's a picture of the thing that's sitting right there. I guess, I think I have call-outs on the next page. So basically, these are all the parts I just talked about. It's a little bit different than that diagram because that green board is not in the original design. That's actually basically a USB data acquisition board that I developed for this. And I'm working on getting that to be releasable. But right now, it's not quite ready for public use yet. But eventually, I'd like to just kind of publish the designs online. So you can see all the components I was talking about before. We have, you know, the VCL first which gets a signal from that green board which is actually generating our ramp now. So it's computer controlled. So the VCL goes to the attenuator, goes to one of those amplifiers, and then you see the splitter out there. One of those signals goes to the transmit antenna, which you can see at the bottom. And then, you know, the other signal goes to the mixer. The receive signal goes to one of the other amplifiers into the mixer. And then everything goes out to the video amplifier and then back into the board. So that's basically, you know, that's pretty much all the components we just talked about. I guess just for completeness, I'm not going to explain these schematics. But this is the original circuit. This is something you could build yourself really easily to do data capture. So one of these things is the video amplifier, that thing at the, you know, the box thing at the top. And the other one is the ramp generator, which is just a chip that generates ramps. And it generates two output signals which you plug into your sound card and record your radar data. Yeah? Sorry? Yeah. Oh, so the reason that's there is because when I was trying to make this in USB powered and so I just wired it onto the power for this other stuff. Everything on here runs off of 5 volts. So I plugged the USB in and then the computer doesn't like that. It just turns off the port. So the problem was the interest current was too high and I needed something to like slow that down. So I was like, okay, I'll put an inductor in there. And the only one I could find was this big like choked transformer thing. So I just shoved that in there and that worked. So that's all that's for. Okay, so let's say we want to do a little bit more. We want to get a little more sophisticated in the sound card because there are some disadvantages there. It's hard to collect every chirp. It's hard to stay synchronized and it's not as fast as we might like for sample rate. So I developed this board that's basically a microcontroller with an A to D D to A converter. The way that we generate the ramps is we take a digital signal in the D to A converter and then feed it through an integrator. And if you remember your signals and systems that continuous line turns into a ramp and we can control the speed of that ramp. And the reason that we're not just directly generating the ramps is because if you ever looked at how a DAC outputs a signal every time you switch it it like jumps to the next level a little bit. It doesn't like kind of smooth it out. So we could filter the hell out of it and it probably wouldn't work if we had a flat signal and then in analog we make the ramp. And that was the easiest option and it works pretty well. And then we just send that out to the VCO. And then on the receive side we have a video ramp that was actually not on the green board. It's on the sorry on the the other board there. And then there's an A to D converter which is way faster than the other one. I think it could actually run at 500,000 samples per second which is a lot faster than your sound card at 4496 or something like that if you have a nicer one. And the other advantages are you know internal triggering which basically means I start the ramp and I know where the ramp is and then I start to capture it at a certain point. I capture data really fast and then it's done and I send it back to the computer. So it's completely kind of self-contained. I don't have to deal with like processing it later to do the triggering and that makes a lot of the real time stuff a lot easier. So this is a picture of the board. I guess there's not really too much to say here. It's just you know yay circuits. And then there's a callouts on that. So actually the two other things on there that I didn't mention was a gyro and accelerometer and I haven't really gotten to using these yet but this is part of my future plan is well if we can just track the position of the thing we can do a lot of this kind of coherent imaging stuff without any effort and I'll talk about that a little more later. So I'd like to try a demo now. I really hope this works but you know I'm not I know how demos work at DefCon and I I'm not you know we'll see what happens but basically what we're going to do is we're going to try to do a range finding demo. So I'm going to take this thing and set it up to basically generate a sharp record the response and display it on the screen and what's going to happen is there'll be a couple plots there and I'll describe those when they come up but basically what you're going what you should be able to see is the distance to a wall or something is going to come up as a stronger signal at some range and we'll plot it with respect to range and then all that processing is done with an FFT so let's see if I can get out of this and okay oh wow that worked surprisingly well so if I plug this under the computer so we have to hope that VMware properly captures the device because sometimes it doesn't like to let's just confirm that it looks like it's connected so with a little Python program I actually found this program online it was just like something to generate an audio spectrum and I was like well it's Python it's going to be really easy to make it do whatever I want so I adapted it to my little USB serial interface and and actually I should probably I think I'm forgetting something I gotta set the mode on this sorry if this works so it's doesn't give any error messages we should be getting something scrolling across the screen in a second oh okay so there's a couple different things here so in the middle plot that's there's actually a lot of noise here and I can explain why that probably isn't a little bit but so that that plot in the middle is basically the time plot of the signal that we're sending out or this is the response so this is literally at you know low frequency it's basically an audio tone is what it would sound like and that's related to the signal it's not very directly related so what we do is we Fourier transform that which you can see on the left and the right so the one on the right is kind of a scrolling view of that and it's kind of hard to see the scale on here but on that spectrogram view those numbers are supposed to be the distance in meters to whatever you're looking at so I guess if you've seen a fish finder before it's basically the same interface so what I can do is I point it at the wall I'm pretty sure that that that strong response at about 30 meters is probably about the distance to that which sounds about right I point it up at the ceiling it's going to drop down and we see a very strong red line at about 8 you know it's about the correct distance and we can just kind of scan it around you know so sorry yeah so we get something at about 4 which is alright so you know it's basically you can you can also see the power thing here so when this is being displayed this is a log scale so it's not going to decline as fast as you'd expect but as they get further out obviously the signal gets way way weaker and the other thing which I haven't actually seen yet which I'm a little surprised by is so this thing operates in the Wi-Fi band there's a lot of noise I'm not exactly sure why that's happening that was happening before but what you do see occasionally is these pulses kind of towards the top end of that and that's actually Wi-Fi signal bursts from the thing transmitting it's a you know I think it's a 20 megahertz wide signal and what you see that for is like a little pulse in the middle of the time window and unfortunately I guess no one's using Wi-Fi devices in here because I'm not picking anything out so I guess everyone's being smart now and they're not using Wi-Fi at DEF CON but yeah I mean this is basically you know that's all there is to it to doing something you know pretty simple so literally all I did here is I'm recording the analog signal I'm 4A transforming it and displaying it on the screen and that's all there is to it so let's go sort of good there so let's head back to the talk I'm glad that worked so so let's talk a little bit about you know trying to image with one of these things so synthetic aperture radar is basically the idea of having you know a really big antenna or a lot of little antennas let's just take this thing and like move it like slide it down a table or something and just keep taking images and there's two basically techniques of doing that one is basically kind of scanning around the object that you want to look at and it's called spotlights are as you might expect the other option is basically trying to scan your radar across a scene and getting you know basically getting these repeating pulses to the side and that's actually it's a little easier to process so that's how this was originally working basically what you're doing is you take these pulses and you can get a lot of information about the phase of that signal so that analog signal that I showed you in the time domain is actually pretty important because all the phase of those frequencies affects like suddenly the difference between you know your transmitter and various elements of the target so you can kind of coherently combine those and get a 2D image so this is an example that Dr. Charvet gave gave me of what he built with something that's very similar to this using the same sort of specifications so we have a 2D image from Google Earth and he went out to this field and he did this I think I mean you know you move the basically move the radar about 8 feet and you get an overlay image like this so I'm going to go back and forth a couple of times but what's cool is you're basically looking at the foliage from the tree so you get all those red areas are basically where there's something that return and the other thing is you can see that telephone pole or whatever the hell that is right there is also giving a pretty strong return and the range on this is like a couple hundred feet so it's actually pretty good I was testing this in my car at one point and I was actually able to get about probably about half a kilometer if you're going down the highway and you see like some far away objects you can kind of see them like getting closer to you as you move so that's kind of neat so let's let's talk about what what you know what you might be able to do to you know improve on this sort of stuff one thing was that I was talking about before I'd really like to do an inertial star system and unfortunately I've been having some problems with the accuracy of the accelerometer and gyro you know I'm going to be working on that in your future try to get that accurate enough for my purposes so I can do position tracking for basically a few seconds enough to capture the image and so what we would do is we basically use a gyro accelerometer to figure out relative position and orientation as I move the thing around and the idea is that I don't have to measure that I don't have to like you know carefully annotate what I'm doing as I'm capturing the data it makes it much faster and a cool thing you might be able to do is if you take a GPS and a magnetometer you probably could just georeference it on a map have the direction you're looking and just overlay it on you know Google Earthmap and at this point you can pretty much do that with a smartphone because that's got all of those sensors just add that with a sensor like this and you're good to go you just got to write the right software the other thing is something that we might actually be doing at MIT in the next few months is a phase array radar system so what we would do there is we'd have a set of transmit and receive antennas and the the system here is we basically switch between pairs of them so you might have you know a couple of transmit antennas a couple of receive antennas each pair of those if they're spaced appropriately basically gives you a virtual antenna at a different position and so you can just very rapidly switch between you know let's say you have like eight on each side that's 64 different pairs of antennas or 32 anyway whatever you get I this is 64 yeah I get 64 pairs of like virtual antennas that you can take and you can very quickly generate an image and I guess so basically what we would get with that is I have a video here of something that's actually been built this was built by this is a was the video okay what they did here is they built a a phasor radar system designed to capture images at 10 hertz and what's happening here is they have a metal ball in the middle and then what they did is they rolled another metal ball past it and you can basically see the thing rolling in real time past the thing and it's pretty neat so you see that little dot there just kind of comes past and so this is pretty fast there's another video online which I couldn't include there's someone like swinging a baton and it's interesting because like I said before this is an overhead view so if someone's swinging that it's like it looks like a spike and then it kind of spreads out and goes back and forth and back and forth so you know that's I can play that again but yeah you can see right there it just kind of comes by and then there's a little bit of interference when it comes past it due to multi path effects of the signal because remember we are looking at electromagnetic waves here but this is a sort of capability you could you know achieve with something sophisticated because the real time aspect is really interesting and real time imaging I think would be pretty cool to implement especially as like a do it yourself thing so I have a few more references here I guess you can get these from the slides but these are some resources this is probably enough information to build one of these things maybe not with the laser cut stuff but it's you know it's it's not that hard I mean it's it's a pretty simple concept and all the parts are available commercially nowadays which is amazing so I guess you know the main reason I gave this talk is because I really wanted to see people build something like this you know actually build it and so that's kind of like my call to action is like I would love to see someone do something really cool with this stuff and come back next year and you know say okay I'm going to give a talk on you know my you know improvements to the system that would be awesome so I think that's about all I have so yeah I guess if there's any questions you know go ahead like um yeah sorry oh well the coffee cans are somewhat directional I'm sorry he asked why coffee cans as opposed to a different type of antenna um the coffee cans are fairly directional um they were really cheap because they're coffee cans and we had them anyway um but basically it's going to be hard to see inside this thing so you might just have to come back later and see but what the way this works is there's an SMA connector in here and there's a little wire being fed into here so this is this is basically a wave guide port it's an adapter from that little feed antenna but you could use any of this for Wi-Fi too if you wanted to make your signal more directional it's the exact same principle and if you took some of those really big Wi-Fi antennas you could make a highly directional system just with that so anyone else? oh uh yeah he asked which microcontroller I'm using I'm actually using a pick um it's a one of the 16 bit picks uh I tend to get a lot of shit for using their parts but I in general what I find is that they they're very inexpensive I love that it's just they're very cheap parts and this thing was like it's pretty good for my applications but oh yeah actually that's worth talking about so um he asked what the power requirements were um I believe this entire system uses about uh 200 milliamps at 5 volts so like I said it's easily powered by the USB port it's the only power source here the original was powered off of two sets of double A batteries so that's about all you're talking about yeah okay so this system is operating in the wife oh sorry I gotta do this um he asked uh how much you know how much could increase the power um the limits at 2.4 gigahertz I believe are a watt um but that's a watt I think it's 4 watts radiated so you could you could transmit what's that okay so you could basically you'd probably be able to transmit a watt and no one's gonna complain too much the problem with this is you would have to band limit it some more so the way this works is it does actually extend past the wifi band a little bit um and that's why we know we only use it and it's kind of controlled environments but um basically um so I wouldn't transmit a watt and that whole range you know this is like 10 milliwatts it's pretty low so um yeah anyone else? uh yeah um well the okay uh what's the signal to noise with uh wifi so um I guess it's it's pretty it's pretty uh dual because what you see is actually with the wifi signals you actually see the burst on the on the um spectrum I'm actually I was shocked I didn't see that today I was I was sure someone was gonna be using wifi device in here but um basically what happens is you get these little blips in the signal and that chirp is like fucked it's a pretty strong signal and it's hard to filter out because it's not like related to your signal at all you're just like basically sweeping right through it and you pick up all that crap but if they're not transmitting it's not really a big deal yeah uh is the upper frequency limit defined by how easily you can obtain a reference signal the frequency bands that you can operate in are it's mostly I mean there's a few bands you can operate in you pretty much are stuck to the ISM bands if you want to do this stuff like legitimately because those are you know what's licensed for kind of this unrestricted or pseudo unrestricted use so if you go up to 5 gigahertz it would be a little harder to find parts basically as you go up into frequency the parts just get a little more expensive or as you get even higher they can get a lot more expensive but the big thing you want actually in a system like this you want wide bandwidth because the bandwidth is what's giving you that spatial resolution and the time resolution anyone else? uh yeah he asked if I was looking at software to find radio systems I think there would be some benefit to that if you wanted to make you know do some certainly the SAR coherent processing stuff that would benefit greatly from an FPGA system because it does it can take a few seconds to process an image like that on the computer but in this case like the main goal was simplicity and low cost so you know if you bring in you know one of those what is it edis research boards in like the USRP or something that's going to add a big you know a big chunk of change to your your design but there's definitely a lot of potential there I would say that's absolutely worth exploring anyone else? uh yeah um yes is the Doppler effect from a fast moving object enough to mess up your position measurement that kind of depends on what you're trying to do okay um so I guess uh if it's if you if you're trying to measure something moving really fast like on the order of you know like a plane or something you might have you might have some impact so I guess when I was talking about it before I said that something was moving three meters per second which is like a person walking really quickly um or maybe slow jog is uh producing a 24 hertz signal at the chirp rates I was dealing with um you know I think 10 meters corresponded like 667 hertz so it wouldn't affect it too much but that all depends on your chirp rate and your bandwidth and you know a bunch of other factors so yeah you can you could make it have an impact or not and the other thing is there's actually a way of disambiguating those because I didn't talk about this but you can you can chirp up and you can chirp back down and if you think about it the effects are a little bit different because the Doppler shift is always going to change the frequency in one direction but if you chirp the other direction it will shift it backwards so all you have to do is kind of figure out what's happening there and you can you can disambiguate them uh is that it? oh got one more oh okay should I keep doing questions or uh okay uh yeah go ahead yeah um on that microcontroller would be pretty hard uh the processing power on this thing is pretty weak it's just it's it's useful for fast to grab or quickly grabbing data would be you know probably the best option in that regard um you could definitely do that it's not it's not a very computationally intensive process I mean this is like a python script I was running to do the FFT oh okay yeah yeah yeah so to some extent actually for this our stuff we want something a little less directional than that um part of it is that the caucycans were what was available at the time um but so it might work off not well that's probably true yes um but uh yeah I mean it's it's pretty open you basically get different characteristics so if you're trying to do the SAR imaging having a wide beam width is actually somewhat useful because you can get it decreases some of your spatial fidelity but you also get a wider image so if you have a very narrow beam you're not going to get any signal from something that's you know further apart so it's a trade off there uh anyone else? okay um I guess if there's anyone else that wants to like see the system closer or talk um I think I'm going to move over to the Q and A room so uh yeah thanks for uh thanks for hearing my talk that's great thank you