Thanks for coming. I really apologize for the mix-up I had earlier. So today I'm going to talk about digital signal processing for software defined radio. I also like to call it software defined radio in a nutshell. The reason I wanted to do this talk is that a lot of you have probably messed around with software defined radios, so this talk isn't an introduction to software defined radios. But a lot of people really don't know how they work and the theory behind how data gets modulated and sent over the air, and so I think there are a lot of what I'll call script kiddies of software defined radio these days. In my own work, trying to figure this out on my own, I've learned a few key concepts that I want to talk about today, and they cover the essential tools for building your own software defined radio applications. It's not going to go deep into the theory or the math or exactly how it works, but this talk is intended to give you an idea of what you don't know and what you should go out and learn more about on your own.

So first, a very quick introduction to how radios work; this will be useful later for explaining how this gets translated into the digital domain. As you all probably know, atoms are made of protons and electrons; these exert a force on each other, so unlike particles attract and like particles repel. You should all basically know that. You can define the relative force created by one of these particles by imagining a theoretical test charge, moving it around this electron, and measuring the force exerted on that test charge. You can then express this electric field as a field based on the force per unit charge of that test charge. If you move the test charge further away from the electron there's less force exerted on it, but that also means you have to do some work to move it over there.
This difference is called a potential difference, or voltage, and this is what radios measure and use to communicate. The way they do that is, for example, you might have a dipole antenna and induce a voltage on it: you push some electrons to one side, and so on the other side there's effectively positive charge. You can think of it as charged particles, but basically it's an absence of electrons. To actually transmit information, what a radio does is alternate the polarity here and create these reversing electric fields, which then propagate through space. When they hit another antenna they also induce a voltage on the receiving antenna; you can measure that voltage and recover information that way.

This is all fine and dandy, but then the problem comes: how do you separate all these transmitters and receivers from each other? You can't just do this and expect everything to work; you need to allow multiple users of the airwaves, and the way they do that is through different frequencies. The way signals are actually transmitted is that you have these carrier frequencies, which is how much you reverse the voltage going into the antenna, and then you modulate that with different types of modulation. One of the very simplest types of modulation is amplitude modulation, where you have a constant frequency of moving electrons back and forth but you change the amplitude of how much power is going back and forth. Then there's frequency modulation, where you actually change the frequency at which you move the electrons around.
If you've been playing around with software defined radios you can actually visualize this. This is a spectrum display; you can see a commercial FM radio station here, and you can see the frequencies of the carrier going back and forth. The takeaway from this slide is that different transmitters get allocated different frequencies, so you can see them across the spectrum, and this applies widely.

If you wanted to recover this signal digitally, one thing you could think about doing is just taking your antenna, stuffing it into an analog to digital converter, getting out that voltage, and then doing some magic that I'll talk about later to recover the signal you wanted to transmit. Unfortunately, since you're transmitting on these carrier waves, which can go up into the gigahertz range, you would need an analog to digital converter that samples extremely fast to recover enough of that wave to recover the signal. So instead... yes, this is what I just said: there's something called the Nyquist rate. If you have an incoming signal, say this red signal here, but you're only sampling it at these black points, then the only thing you can recover is an alias at a lower frequency. So one of the challenges in software defined radios, and radios in general, is actually dealing with this bandwidth limitation of analog to digital converters and, conversely, of digital to analog converters for transmitting.
The way they actually do this is that software defined radios shift frequencies down to, or up from, zero hertz, sometimes known as baseband. The math behind it exploits a trig identity: if you multiply two sine waves of two different frequencies, what you get is the sum of two waves, and the frequencies of those two waves are the sum of the frequencies and the difference of the frequencies. So if you want to tune into 89.5, you can have a local oscillator run at 89.5; if you receive something at 89.5 then the difference goes down to zero, there will also be something at twice 89.5, and you just filter that out before it goes to the analog to digital converter. This is how it looks as a block diagram; as I said, you usually use the difference and filter out the sum.

There's one more trick that's commonly used in software defined radios, and that is to use complex signals. What that basically means is you have both an in-phase and a 90 degrees out of phase carrier, or local oscillator, signal, you have two different signal paths, and you use them independently. What this gets you is the ability to represent negative frequencies. For example, you can think of an oscillator as going around this unit circle at a particular speed, and that encodes the frequency. If you look at the Y component you get a sine wave; if you look at the X component you get a cosine wave. With this you can represent not only the rotational speed, or the frequency, but also which way it's going, and this is how you can represent negative frequencies. This is also why you see a lot of I's and Q's in software defined radios: I stands for in-phase, Q stands for quadrature, so it's 90 degrees out of phase.
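Editor's added example (not code from the talk): the mixing step above, worked in plain Python. A real tone is multiplied by a complex local oscillator, the sum term is knocked down with a crude moving-average low-pass, and a brute-force DFT shows the difference term landing on a signed baseband frequency. The same tone mixed with a real LO shows why a single path cannot tell a signal 2 kHz above the LO from one 2 kHz below it. The sample rate, LO frequency and tone frequencies are assumptions chosen so that every component lands on an exact DFT bin.

```python
"""Editor's added example: shifting a real ADC signal to baseband with a complex (I/Q) LO."""
import cmath
import math

FS = 256_000     # sample rate in Hz (assumption for the demo)
N = 256          # samples analysed; one DFT bin = FS / N = 1 kHz
F_LO = 64_000    # local oscillator frequency in Hz (assumption for the demo)


def real_tone(freq_hz, n, fs=FS):
    """A real-valued cosine, as a single-channel ADC would capture it."""
    return [math.cos(2 * math.pi * freq_hz * i / fs) for i in range(n)]


def mix_complex(samples, f_lo, fs=FS):
    """Multiply by exp(-j 2 pi f_lo t): the I path is x*cos, the Q path is -x*sin.

    cos(2 pi f t) * exp(-j 2 pi f_lo t)
        = 0.5 exp(+j 2 pi (f - f_lo) t) + 0.5 exp(-j 2 pi (f + f_lo) t)
    so the difference term keeps the sign of (f - f_lo) and the sum term sits far away.
    """
    return [x * cmath.exp(-2j * math.pi * f_lo * i / fs) for i, x in enumerate(samples)]


def mix_real(samples, f_lo, fs=FS):
    """Multiply by a real LO (I path only): cos*cos gives +/-(f - f_lo), so the sign is lost."""
    return [x * math.cos(2 * math.pi * f_lo * i / fs) for i, x in enumerate(samples)]


def moving_average(samples, taps):
    """Crude low-pass used to drop the sum term; returns only fully-formed outputs."""
    return [sum(samples[i:i + taps]) / taps for i in range(len(samples) - taps + 1)]


def spectrum(samples, fs=FS):
    """Brute-force DFT: {signed frequency in Hz: magnitude}, bins from -fs/2 up to fs/2."""
    n = len(samples)
    out = {}
    for k in range(-n // 2, n // 2):
        acc = sum(x * cmath.exp(-2j * math.pi * k * i / n) for i, x in enumerate(samples))
        out[k * fs / n] = abs(acc) / n
    return out


def baseband_spectrum(tone_hz, complex_lo=True, taps=8):
    """Mix a real tone down against the LO, low-pass it, and return its spectrum."""
    x = real_tone(tone_hz, N + taps - 1)
    mixed = mix_complex(x, F_LO) if complex_lo else mix_real(x, F_LO)
    return spectrum(moving_average(mixed, taps))


def peak_hz(spec):
    """Signed frequency of the strongest bin."""
    return max(spec, key=spec.get)


if __name__ == "__main__":
    # 66 kHz is 2 kHz above the LO, 62 kHz is 2 kHz below it.
    print(peak_hz(baseband_spectrum(66_000)))   # 2000.0
    print(peak_hz(baseband_spectrum(62_000)))   # -2000.0
    s = baseband_spectrum(62_000, complex_lo=False)
    print(s[2000.0], s[-2000.0])                # equal: a real LO folds both cases onto +/-2 kHz
```

The sum term from the complex mix appears at +126 kHz here only because 130 kHz aliases at this sample rate; in hardware it is removed before the ADC, which is what the moving average stands in for. An 8-tap moving average is a poor low-pass in general and is used only because this demo's frequencies sit near its nulls.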
Alright, so now that we have a signal that we're receiving, how do we actually get data out of it? Say we want to monitor some unknown data source or unknown modem and start demodulating it. The typical steps for demodulation are, first, frequency shifting. Usually in a software defined radio the hardware will shift it down to some intermediate frequency, which may not be zero, or could be zero, but then you want to bring it all the way down to zero, and part of the reason you might do that in software is that the local oscillator of your radio might not match the oscillator of the remote radio, and you have to do carrier tracking to make sure everything is demodulated correctly. After frequency shifting you need to filter out any signals that aren't of interest. Filtering is also used to avoid inter-symbol interference, which I'll talk about later. Once you've done filtering you have to synchronize both onto the carrier frequency of the remote radio and onto the bit clock of the sender, so that you know when to sample the signal. From there it gets a bit easier: you sample the incoming signal at a fixed rate and then recover symbols from that, which are bits. The difference between a bit and a symbol: a bit is just a zero or a one, while a symbol can be multiple levels, so you can have 16 or 32 or 256 different symbols, which can encode many different bits in a single constellation point, and I'll talk about that very shortly. Once you get the bit stream out there are some extra things in the digital domain, and I won't talk much about those because I think working with bits is more familiar to people, but I'll briefly touch on them later.

Alright, now I'm going to get into some of the nitty gritty details of how digital signal processing works and some of the common tools used in digital signal processing.
The first one I want to talk about is filtering, and filtering is one of the most fundamental tools of digital signal processing. What it does is take in a signal, and you can imagine it like a graphic equalizer: it can boost frequencies and it can drop frequencies, so you have filters like a low-pass filter or a high-pass filter. These are graphs in the frequency domain, so you have frequency going across the x axis and the amplitude, or attenuation, in the y direction. A low-pass filter, for example, will allow low frequencies through, but then after a certain cutoff point, which is usually the negative 3 dB point, the cutoff frequency, it just goes downhill from there. If you build these in hardware it's very hard to get a very sharp cutoff. It's a bit easier to do digitally, but it's a tradeoff between how sharp you want your filter and how much computation you want to do. There are other types of simple frequency filters, such as a band-pass filter, which only allows certain frequencies through, and a notch filter, which cuts out some frequencies.

One way you can describe filters is by what's known as their impulse response. The way to think of that is: if you have a signal like this in the time domain, which is all zero except for a single blip to one at one point, you send it through the filter and look at the signal that comes out. For example, if you send this through a low-pass filter you might get this response out of the filter. This is actually how you build what are known as finite impulse response filters. The way those work is you take the impulse response you want for your filter function and put it in what's known as a filter kernel here; just imagine that those points that were here are now in here.
When you push samples into this buffer, you multiply the incoming samples component-wise with their corresponding positions in the filter kernel, then sum them all up and spit them out as the output signal. This is known as convolution. This is how finite impulse response filters, or FIR filters, work. If you see things about FIR filters in GNU Radio, for example, this is exactly what they're talking about. These are called taps, so if you see something that refers to the number of taps, this is exactly what they're talking about. As you can see, the more taps you have the more computation you have to do, and so the slower it is. So this is a FIR filter with five taps.

Another way you can determine the filter taps is to take the frequency response you want, say from those graphs on the filtering slide, and use what's known as the inverse Fourier transform. What a Fourier transform does is convert signals between the time domain, the received signal that you get, and the frequency domain. To make that a bit more concrete: if you have an oscilloscope and you see a wave going up and down, that's a representation in the time domain, with time across the bottom and amplitude up the y-axis, whereas in the frequency domain you would see a peak right where the frequency is. Fourier transforms are used to go between the time domain and the frequency domain.

Alright, so at this point we have some in-phase and quadrature samples at approximately zero hertz. What's interesting about IQ samples is that every modulation scheme can be described just by the amplitude of these I and Q signals. The way you can do that is to represent these I and Q points on a two-dimensional graph, I on one axis and Q on the other, in what's known as a constellation diagram.
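Editor's added example (not code from the talk): a low-pass FIR filter designed the way the talk describes, by starting from the desired frequency response and taking the inverse transform. The ideal brick-wall low-pass has a sinc impulse response; truncating it to a finite number of taps and applying a window gives the kernel, and the filter itself is the tap-weighted sum over the last N samples (convolution). The sample rate, cutoff and tap count are assumptions for the demo.

```python
"""Editor's added example: windowed-sinc low-pass FIR kernel, applied by direct convolution."""
import cmath
import math

FS = 48_000   # sample rate in Hz (assumption for the demo)


def lowpass_taps(cutoff_hz, ntaps, fs=FS):
    """Windowed-sinc low-pass kernel with unity DC gain; use an odd ntaps for a symmetric kernel."""
    m = (ntaps - 1) / 2
    fc = cutoff_hz / fs                     # cutoff as a fraction of the sample rate
    taps = []
    for n in range(ntaps):
        t = n - m
        # Inverse transform of a brick-wall low-pass: 2*fc*sinc(2*fc*t), written out to avoid t == 0.
        ideal = 2 * fc if t == 0 else math.sin(2 * math.pi * fc * t) / (math.pi * t)
        window = 0.54 - 0.46 * math.cos(2 * math.pi * n / (ntaps - 1))   # Hamming window
        taps.append(ideal * window)
    gain = sum(taps)
    return [h / gain for h in taps]         # normalise so a DC input passes at exactly 1.0


def fir_filter(samples, taps):
    """Direct-form convolution: each output is the tap-weighted sum of the most recent inputs."""
    out = []
    for i in range(len(samples)):
        acc = 0.0
        for k, h in enumerate(taps):
            if i - k < 0:
                break                       # before the first sample the delay line holds zeros
            acc += h * samples[i - k]
        out.append(acc)
    return out


def frequency_response(taps, freq_hz, fs=FS):
    """|H(f)| of the kernel: its discrete-time Fourier transform evaluated at one frequency."""
    return abs(sum(h * cmath.exp(-2j * math.pi * freq_hz * n / fs) for n, h in enumerate(taps)))


def steady_state_gain(taps, tone_hz, fs=FS, nsamples=2000):
    """Push a unit-amplitude tone through the filter and measure its amplitude after the start-up transient."""
    tone = [math.cos(2 * math.pi * tone_hz * i / fs) for i in range(nsamples)]
    y = fir_filter(tone, taps)
    return max(abs(v) for v in y[len(taps):])


if __name__ == "__main__":
    taps = lowpass_taps(5_000, 101)
    print(steady_state_gain(taps, 1_000))     # about 1.0: inside the passband
    print(steady_state_gain(taps, 20_000))    # about 0.0: deep in the stopband
    print(frequency_response(taps, 5_000))    # about 0.5: a windowed sinc puts the cutoff at the -6 dB point
```

Note the cost: every output sample costs one multiply-add per tap, which is the tradeoff the talk mentions between a sharp cutoff (more taps) and computation. Also note that this design's nominal cutoff is the half-amplitude point, not the -3 dB point quoted for analog filters; check the response you actually got rather than trusting the design frequency.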
For example, in a very simple case where you have a 180 degree phase reversal for transmitting different bits, you don't care about the quadrature component; you're only looking at the amplitude of the in-phase signal, and it's either the regular signal or an inverted signal. If you want to get a bit crazier you can start putting these points anywhere in the constellation diagram. For example, you can encode two bits at a time by having different amplitudes of both the I and Q symbols, and you can get as arbitrarily complex as you want. This is 16-QAM, where QAM stands for quadrature amplitude modulation: you are amplitude modulating both the I's and the Q's, and you can represent four bits per point there.

Now the issue is that when you send these over the air there will be interference; the components won't be perfect, and there will be some noise introduced in the system. So for the bits or symbols you send with that constellation diagram, you might receive something like this. As long as there's enough separation between them you can recover those symbols, and you can add some error correction later, once you get a bit stream, to make it even more robust.

Alright, so in principle all you need to do to transmit a digital signal is have an in-phase and a quadrature-phase signal transmitted at a particular frequency for a certain amount of time, then immediately jump to a different set of amplitudes for your I and Q signals, and just keep hopping around at the data rate you want. Unfortunately this takes an infinite amount of bandwidth, and as I discussed earlier, you want to use only a finite part of the RF spectrum for your own signal, to share it with others.
The reason this takes infinite bandwidth goes back to a little bit of math: square waves are just a sum of odd harmonics of the fundamental frequency. If you have a square wave at some frequency, that is effectively the sum of the sine wave at that frequency plus the sine wave at three times that frequency, five times that frequency, and it just keeps going off to infinity; if you keep summing them up you get closer and closer to a square wave. What you're effectively doing by transmitting different points is creating a square wave of amplitudes, and so this takes infinite bandwidth.

One way to deal with that is to say, okay, I don't care, I'm going to use an infinite amount of bandwidth and then filter it so that I only take up as much bandwidth as I'm allowed. The problem with that is that once you start filtering, the symbols you're sending start to smear together, because you're destroying some information by filtering out those high-frequency components. This is known as inter-symbol interference. But there is a cool trick that allows you to minimize inter-symbol interference, and typically you use a raised cosine filter to do it. Here's what that is: this is the impulse response of a raised cosine filter. If you have a square wave and send it through here, this is effectively a low-pass filter, so it limits the amount of bandwidth you're using. However, the interesting thing to note is that on these T boundaries, which are your symbol intervals, the amplitude of the impulse response at each of these T's, except at zero, is zero. So effectively what happens is that if you send the symbols out through this filter, say you transmit a one and it generates this signal here, and then you transmit a two.
The interesting thing is that at the precise time the two is being transmitted, the contribution from all other symbols is zero right at this point. This is how you can get effectively zero inter-symbol interference while still taking up a limited amount of bandwidth, and this is the magic that makes most digital modulation schemes work. There are some others, but I'm not going to get into that today.

One other twist is that you might do this filtering completely on the sender side, and that would make sense. However, in the presence of noise and the different effects of sending it over the air, it's actually more optimal to do half of the filtering on the transmitter side and half of the filtering on the receive side. If you have two filters and multiply their effect together, you basically multiply their frequency responses together. So if you want to do half the filtering on the transmitter side and half on the receive side, you basically take the square root of the filter you want: you take the square root of the frequency attenuation you want. So your raised cosine filter now becomes a root raised cosine filter. If you see this in GNU Radio, this is exactly what it's doing: it's applying that filter to avoid inter-symbol interference.

One other thing you might have noticed back there is that to avoid this inter-symbol interference we have to sample precisely at this point. If we sample here, then we effectively get the contribution of this symbol, and this symbol, and this symbol, so it gets a bit noisy, and if it's too bad you can't actually recover the symbol you wanted. To get no inter-symbol interference, you need to sample at precisely the right time. Now that seems fine in theory: say the transmitter is sending at 9600 bits per second and the receiver is also sampling at 9600 bits per second.
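Editor's added example (not code from the talk): the raised-cosine argument from the last few paragraphs carried through numerically. The raised-cosine impulse response is built and checked to be zero at every non-zero symbol boundary; a BPSK symbol pattern is upsampled and shaped with it, and sampling on the boundary returns the symbols exactly while sampling half a symbol late does not. The same pattern is then sent through a root-raised-cosine pair (one at the transmitter, one as the receiver's matched filter) to show that the split filter still recovers the symbols. The roll-off, samples per symbol, filter span and symbol pattern are assumptions for the demo.

```python
"""Editor's added example: raised-cosine pulse shaping, zero ISI at the symbol instant, RRC split."""
import math

BETA = 0.35   # roll-off factor (assumption)
SPS = 8       # samples per symbol (assumption)
SPAN = 16     # filter length in symbols; even, so the centre tap lands on a sample
SYMBOLS = [1, -1, -1, 1, 1, 1, -1, 1, -1, -1, 1, -1, 1, 1, -1, -1]   # constructed BPSK pattern


def _sinc(x):
    return 1.0 if x == 0 else math.sin(math.pi * x) / (math.pi * x)


def raised_cosine_taps(beta=BETA, sps=SPS, span=SPAN):
    """Raised-cosine impulse response; time is in symbol periods, so t = k is a symbol boundary."""
    centre = span * sps // 2
    taps = []
    for i in range(span * sps + 1):
        t = (i - centre) / sps
        denom = 1 - (2 * beta * t) ** 2
        if abs(denom) < 1e-12:                       # removable singularity at |t| = 1 / (2 beta)
            taps.append(math.pi / 4 * _sinc(1 / (2 * beta)))
        else:
            taps.append(_sinc(t) * math.cos(math.pi * beta * t) / denom)
    return taps


def root_raised_cosine_taps(beta=BETA, sps=SPS, span=SPAN):
    """Root-raised-cosine impulse response, scaled to unit energy so RRC convolved with RRC peaks at 1."""
    centre = span * sps // 2
    taps = []
    for i in range(span * sps + 1):
        t = (i - centre) / sps
        if t == 0:
            h = 1 - beta + 4 * beta / math.pi
        elif abs(abs(4 * beta * t) - 1) < 1e-12:     # removable singularity at |t| = 1 / (4 beta)
            h = beta / math.sqrt(2) * ((1 + 2 / math.pi) * math.sin(math.pi / (4 * beta))
                                       + (1 - 2 / math.pi) * math.cos(math.pi / (4 * beta)))
        else:
            h = (math.sin(math.pi * t * (1 - beta)) + 4 * beta * t * math.cos(math.pi * t * (1 + beta))) \
                / (math.pi * t * (1 - (4 * beta * t) ** 2))
        taps.append(h)
    energy = math.sqrt(sum(h * h for h in taps))
    return [h / energy for h in taps]


def convolve(x, taps):
    """Full linear convolution (output length len(x) + len(taps) - 1)."""
    out = [0.0] * (len(x) + len(taps) - 1)
    for i, xi in enumerate(x):
        if xi == 0:
            continue
        for k, h in enumerate(taps):
            out[i + k] += xi * h
    return out


def pulse_shape(symbols, taps, sps=SPS):
    """Insert sps-1 zeros after each symbol and filter: each symbol becomes one shifted impulse response."""
    upsampled = []
    for s in symbols:
        upsampled.append(float(s))
        upsampled.extend([0.0] * (sps - 1))
    return convolve(upsampled, taps)


def sample_symbols(signal, delay, nsym, sps=SPS, offset=0):
    """One sample per symbol, `delay` samples in (the filter's group delay), plus a timing error."""
    return [signal[delay + n * sps + offset] for n in range(nsym)]


def recover_with_rc(offset=0):
    """Whole raised-cosine filter at the transmitter; the receiver only samples."""
    taps = raised_cosine_taps()
    shaped = pulse_shape(SYMBOLS, taps)
    return sample_symbols(shaped, (len(taps) - 1) // 2, len(SYMBOLS), offset=offset)


def recover_with_rrc():
    """Root-raised-cosine at the transmitter and a matched root-raised-cosine at the receiver."""
    taps = root_raised_cosine_taps()
    received = convolve(pulse_shape(SYMBOLS, taps), taps)   # TX shaping, then RX matched filter
    return sample_symbols(received, len(taps) - 1, len(SYMBOLS))


def max_error(recovered, symbols=SYMBOLS):
    return max(abs(r - s) for r, s in zip(recovered, symbols))


if __name__ == "__main__":
    print(max_error(recover_with_rc()))                 # ~0: no ISI when sampled on the symbol boundary
    print(max_error(recover_with_rc(offset=SPS // 2)))  # large: half a symbol late, neighbours leak in
    print(max_error(recover_with_rrc()))                # small: only the truncated RRC tails remain
```

The residual error in the root-raised-cosine path comes entirely from truncating the filter to a finite span; the zero crossings of the raised cosine itself are exact, which is why the first measurement is at floating-point precision.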
The problem is that these radios are made of real components, and real components won't have an exact frequency, so there will be some drift between the transmitter and the receiver, and you have to lock on to that. You also have to lock on to the phase: even if your frequency is perfectly locked you need to know where you are in here. You don't want to sample here, or here, or here; you want to know that you sample right at the peak of that symbol.

This gives rise to something known as an eye diagram. This is a sample eye diagram from a patent I found, and it visualizes what happens when you sample early or sample late. If you sample right on time you'll notice that the recovered signal is pretty clearly defined at this point, this point, or this point, but if you're off a bit there's less margin for error, and in the presence of noise you could get confused about which point you're actually trying to receive. Part of engineering these radio systems is to make this eye, as it's known, as wide as possible, so that you can tolerate the most frequency and phase error and noise and things like that.

One way to synchronize to the sender is a simple approach, which is to just correlate with a known signal, often called a preamble. An easy way to do that is to use our friend convolution again: put in the signal you want to look for, do the exact same thing, and out pops a number that represents how similar the input signal is to the signal you're looking for. This is a quick and dirty way to synchronize the phase, assuming the frequency is close enough, and for some simple systems this is good enough. For example, yesterday I was talking about sniffing SCADA systems with a module I wrote in GNU Radio.
That is actually good enough to synchronize onto the bit timing and decode all the bits even though the frequency doesn't quite match up. It doesn't become a problem unless you get too far out of sync, and the packets are small there, so it works.

As I said, clocks will drift. If you want to deal with the clock drift issue you have to do something more advanced. One way to do this is to compute some function of the phase error between the received signal and what you want. This phase error will be noisy, so you put it through some sort of low-pass filter and use that in a feedback loop. This is called a phase-locked loop, which is used to recover timing and phase. You can use a higher order filter where you not only lock onto phase but also lock onto frequency. This is starting to get into some weird voodoo math magic that I don't fully understand, and I don't expect many other people to either; there is a lot of control theory behind feedback loops and things like that. But the takeaway point is that you can use these to recover both phase and frequency information of the transmitter. The one downside to this approach is that it takes time for these PLLs to lock, so if you're dealing with short packets sent in bursts you usually use a simple preamble.

The final thing you need to do is deal with carrier recovery. If your baseband frequency is not precisely matched with the transmitter, then what will actually happen to your IQ diagram is that it will start to rotate. You can measure this as well and create another feedback loop to correct for it and lock in on the transmitter's carrier signal, to stabilize this so you can do your symbol recovery and still stay sane. You can do this independently of bit timing recovery as well.
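Editor's added example (not code from the talk): the preamble-correlation approach described above, which is the right tool for the short bursty packets where a loop would not have time to lock. The receiver has noisy +1/-1 chip values but does not know where the burst starts; sliding a known 13-chip Barker preamble across the stream gives a sharp correlation peak at the start, and the sign of that peak also reveals whether the carrier locked 180 degrees out (a BPSK ambiguity), so the payload can be un-inverted before slicing. The preamble choice, payload, burst offset and noise level are assumptions for the demo.

```python
"""Editor's added example: burst synchronisation by correlating against a known preamble."""
import random

PREAMBLE = [1, 1, 1, 1, 1, -1, -1, 1, 1, -1, 1, -1, 1]   # 13-chip Barker code: autocorrelation sidelobes <= 1
PAYLOAD_BITS = [1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 0, 0]   # constructed payload (0xA5 0x3C)


def correlate(rx, pattern):
    """c[i] = sum_k pattern[k] * rx[i + k]: how much the stream starting at i resembles the pattern."""
    span = len(rx) - len(pattern) + 1
    return [sum(p * rx[i + k] for k, p in enumerate(pattern)) for i in range(span)]


def make_noise(n, sigma=0.15, seed=1):
    """Deterministic Gaussian noise (constructed test data)."""
    rng = random.Random(seed)
    return [rng.gauss(0, sigma) for _ in range(n)]


def make_burst(payload_bits, offset, inverted=False, sigma=0.15, seed=1):
    """Silence, then preamble + payload as +/-1 chips, then silence, with noise on every sample."""
    chips = PREAMBLE + [1 if b else -1 for b in payload_bits]
    if inverted:                              # carrier locked 180 degrees out: every chip flips sign
        chips = [-c for c in chips]
    clean = [0.0] * offset + [float(c) for c in chips] + [0.0] * 10
    return [s + n for s, n in zip(clean, make_noise(len(clean), sigma, seed))]


def find_burst(rx, pattern=PREAMBLE, threshold=0.7):
    """(start_index, inverted) of the strongest preamble match, or None if nothing clears the threshold."""
    c = correlate(rx, pattern)
    best = max(range(len(c)), key=lambda i: abs(c[i]))
    if abs(c[best]) < threshold * len(pattern):   # a perfect match scores exactly len(pattern)
        return None
    return best, c[best] < 0


def recover_payload(rx, nbits, pattern=PREAMBLE):
    """Locate the preamble, undo a possible phase inversion, and hard-decide the payload bits."""
    hit = find_burst(rx, pattern)
    if hit is None:
        return None
    start, inverted = hit
    sign = -1 if inverted else 1
    first = start + len(pattern)
    return [1 if sign * rx[first + n] > 0 else 0 for n in range(nbits)]


if __name__ == "__main__":
    rx = make_burst(PAYLOAD_BITS, offset=23)
    print(find_burst(rx))                                              # (23, False)
    print(recover_payload(rx, len(PAYLOAD_BITS)) == PAYLOAD_BITS)     # True
    rx_inv = make_burst(PAYLOAD_BITS, offset=5, inverted=True)
    print(find_burst(rx_inv))                                          # (5, True)
    print(recover_payload(rx_inv, len(PAYLOAD_BITS)) == PAYLOAD_BITS) # True
    print(find_burst(make_noise(60)))                                  # None
```

Two practical points: the detection threshold matters, because without it the "strongest" window in pure noise is still returned as a burst; and this only resolves timing and phase, not a frequency offset, which is why the talk says it works when the frequency is close enough and the packets are short.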
You can do them in either order, but I believe usually, for simplicity, and interestingly enough, timing recovery is done first, before carrier recovery, in the signal chain.

One other thing I'll just briefly mention is that when you send a signal over the air it won't necessarily have a flat frequency response, so that will distort the incoming constellation you see. There are again feedback algorithms to estimate how sending something over the air distorts the signal. Briefly, one way you could do that is: you know what the sender is sending, you know what you received, and you know, if you modulated it yourself, what that signal is supposed to look like. So you can look at the difference between the received signal and the signal you thought you should receive, and develop a filter to undo the distortion you get over the air. This is used for higher data rate stuff in practice; if you're dealing with low data rate stuff, like I have been, you can just completely ignore it and assume that the air channel is completely flat. I'll just leave that as one thing you can add; it gets very complicated very fast.

Alright, so after you've done timing and carrier recovery it's really simple now. All you've got to do, if you receive a little blip here, is find the closest constellation point, and that's as easy as drawing some imaginary lines and finding the closest point. That's basically all there is to simple recovery. Once you've got that, now you've got bits, and bits are nice and familiar and we all love bits. After that there might still be some post-processing you need to do. For example, if you send packets you need to know exactly where those packets start, because you're only receiving a bunch of bits, so you then need to synchronize on the frames you receive over the air, and they themselves will often have preambles.
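Editor's added example (not code from the talk), serving both the 16-QAM constellation described earlier and the nearest-point slicing described just above. It builds a Gray-coded 16-QAM map, modulates a bit pattern, slices received samples to the closest constellation point, and counts bit errors under three conditions: clean, mild noise, heavy noise. It also applies a constant rotation, which is what an unrecovered carrier offset does to the constellation, to show that slicing fails until carrier recovery has run. The bit pattern and noise levels are assumptions for the demo.

```python
"""Editor's added example: Gray-coded 16-QAM, hard-decision slicing, noise and rotation effects."""
import cmath
import math
import random

LEVELS = [-3, -1, 1, 3]


def gray(n):
    return n ^ (n >> 1)


def qam16_constellation():
    """Map each 4-bit symbol to an I/Q point; two Gray-coded bits pick the I level, two pick the Q level."""
    points = {}
    for i_idx, i_level in enumerate(LEVELS):
        for q_idx, q_level in enumerate(LEVELS):
            symbol = (gray(i_idx) << 2) | gray(q_idx)
            points[symbol] = complex(i_level, q_level)
    return points


POINTS = qam16_constellation()


def modulate(bits):
    """Group bits four at a time (MSB first) and emit one constellation point per group."""
    assert len(bits) % 4 == 0
    out = []
    for i in range(0, len(bits), 4):
        symbol = (bits[i] << 3) | (bits[i + 1] << 2) | (bits[i + 2] << 1) | bits[i + 3]
        out.append(POINTS[symbol])
    return out


def slice_nearest(sample):
    """Hard decision: the symbol whose constellation point is closest to the received sample."""
    return min(POINTS, key=lambda s: abs(POINTS[s] - sample))


def demodulate(samples):
    bits = []
    for x in samples:
        s = slice_nearest(x)
        bits.extend([(s >> 3) & 1, (s >> 2) & 1, (s >> 1) & 1, s & 1])
    return bits


def add_noise(samples, sigma, seed=1):
    """Independent Gaussian noise on I and Q (constructed channel impairment)."""
    rng = random.Random(seed)
    return [x + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for x in samples]


def rotate(samples, radians):
    """Constant phase rotation: the effect of a residual carrier phase/frequency error on the constellation."""
    return [x * cmath.exp(1j * radians) for x in samples]


def bit_errors(sent, received):
    return sum(a != b for a, b in zip(sent, received))


def neighbours_differ_by_one_bit():
    """Gray property: horizontally or vertically adjacent points differ in exactly one bit."""
    for a, pa in POINTS.items():
        for b, pb in POINTS.items():
            if abs(pa - pb) == 2 and bin(a ^ b).count("1") != 1:
                return False
    return True


TEST_BITS = [int(c) for c in "1011000111100100" * 4]   # constructed 64-bit pattern


if __name__ == "__main__":
    tx = modulate(TEST_BITS)
    print(bit_errors(TEST_BITS, demodulate(tx)))                             # 0: clean round trip
    print(bit_errors(TEST_BITS, demodulate(add_noise(tx, 0.2))))             # 0: noise stays inside the decision regions
    print(bit_errors(TEST_BITS, demodulate(add_noise(tx, 1.5))))             # > 0: the clouds overlap
    print(bit_errors(TEST_BITS, demodulate(rotate(tx, math.radians(30)))))   # > 0: carrier not recovered
    print(neighbours_differ_by_one_bit())                                    # True
```

Gray coding is why a noisy sample that lands in an adjacent decision region costs one bit rather than up to four, which matters for the error-correcting code that typically follows the slicer.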
The preambles can be used for both timing recovery and frame synchronization, things like that. There's something called bit scrambling, which is used to whiten the spectrum, have it use the RF spectrum more efficiently, and flatten out the frequency of the transmitted signal. This is not for security; this is just for making the RF a bit nicer. So if you want to reverse engineer a modem you'll look for shift registers and XORs and things like that; that's what's used in the bit scrambling.

Finally there is error correction. If you send stuff over the air there will be noise and some bits will get corrupted. You want to detect when those errors happen, so you can use something like a CRC; the problem is that then you can't recover from those errors. That might be fine; you might just want to retransmit. If you want to get even fancier, there are error correction algorithms that, by transmitting redundant information, let you recover what you originally intended to send or receive if a bit of that information is lost or corrupted.

To wrap this up conceptually, this is how it all works: you have your hardware here, you have your antenna, you have your hardware local oscillator which mixes it down to some intermediate frequency, and you sample it with an analog to digital converter. Now you're in software. In software you have another local oscillator that more precisely locks on to the transmitter's carrier; you mix with that, you apply a low-pass filter or maybe some equalization, you do timing recovery, you do carrier recovery, and finally you get your bit decisions out of that. Then you can deal with bits.

If you want more information about any of the things I talked about, this was a whirlwind tour of different topics. There's Michael Ossmann's series of software defined radio videos.
He made the HackRF, and as part of the Kickstarter campaign he is making a whole video series taking you through all the magic of DSP and SDR. They're really interesting and I highly recommend them. There are also xiph.org's videos about signals. They go into some rants about why you don't need 96 kilohertz audio at 24 bits for listening use, and they have all these interesting things, like showing how bit dithering works, and noise floors, and all that crazy stuff, and sampling theory. They're short but they're great. And finally, a lot of this I got from The Scientist and Engineer's Guide to Digital Signal Processing by Steven Smith. It's available online for free; all the PDFs are there. If you like it you can buy a copy on Amazon, but I find the PDFs or the website just fine. So with that, I'd like to thank you for listening, and I apologize for the late start, but hopefully this was informative for you all. Thank you.