Radio Frequency (RF) Trace Collection
and
RF Trace Replay Using
USRP2/GNUradio, Nokia 5230 & 2700 Mobile Phones.
Group Members:
Omotere, Oluwaseyi
Oduola, Wasiu Opeyemi
Advisor:
Dr. Lijun Qian
Department of Electrical and Computer Engineering
Prairie View A&M University
April 2013.
1
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION………………………………………………………………………………………………………………….3
1.1 Radio Frequency Traces……………………………………………………………………………………………………….…....3
1.2 Project Statement………………………………………………………………………………………………………..………......3
CHAPTER 2 RADIO FREQUENCY TRACE COLLECTION AND TRACE REPLAY……………………………………....…..6
2.1 Equipments…………………………………………………………………………………………………………………….……….…6
2.2 Experimental Procedure………………………………………………………………………………………………………….…6
2.2.1 Trace Collection…………………………………………………………………………………………………………….…6
2.2.2 Trace Replay……………………………………………….……………………………………………………………..…...8
2.2.3 RF Replay Reception………………………………..………………………………………………………………..…...8
2.2.4 Validation………………………………..………………………………………………….…………………………….……10
CHAPTER 3 CONCLUSION…………………………………………………………………………………………………………………....13
REFERENCES……………………………………………………………………………………………………………………………………….…14
APPENDIX……………………………………………………………………………………………………………………………………….…….15
Program 1 : Python Code for the Reception of RF Trace on UMTS Band 4……………………………………………..15
Program 2 : Python code for the replay of RF trace……………………………………………………………………………….17
Program 3: Python Code for the Reception of RF Trace Replay …………………………..……………………………..…19
2
CHAPTER 1
INTRODUCTION
1.1 Radio Frequency Traces:
Collection of Radio frequency (RF) signals over a wide range of spectrum requires receiver units
that can be configured to scan a range of frequency bands within 50MHz-8GHz. The modular
design of Universal Software Radio Peripheral (USRP2) allows extension of the basic system
using various daughter boards for RF transmitters and/or receivers at different frequency
bands. USRP2 also features two 400MS/s 16-bit digital to analog converters and is capable of
processing signals up to 100MHz wide. Compared to high-end spectrum analyzers, the use of
USRP2 has the advantage of better programmability, and low costs for small to large scale
deployments. USRP2, in combination with GNU radio software and cellular devices, makes it
feasible to collect and replay GSM RF traces. Validation of collected traces from USRP2 is
possible with a commercial grade spectrum analyzer.
GNU Radio is a free and open-source software development toolkit that provides signal
processing blocks to implement software radios. It can be used with readily-available low-cost
external RF hardware like USRP2 to create software-defined radios. GNU Radio provides a
number of radio components pre-written in software form which GNU Radio refers to as blocks
which can communicate using various data types. Users can also write their own blocks if
needed, developing GNU Radio applications and blocks created in C++ or Python. All the signal
processing blocks are written in C++ and Python is used to create a network or graph and glue
these blocks together. Many useful and frequently used blocks have been provided by the GNU
Radio project, so in many cases one doesn’t need to touch C++, just using Python to finish one’s
task. GNU Radio also uses a graphical user interface known as GNU Radio Companion (GRC)
which is the interface used in this experiment. The GRC is a visual programming environment
that allows you to design flowgraphs and the GRC will generate python program to execute
what you have designed.
GSM networks operate in a number of different carrier frequency ranges (separated into GSM
frequency ranges for 2G and Universal Mobile Telecommunications System networks (UMTS)
frequency bands for 3G), with most 2G GSM networks operating in the 850/900 MHz or
1800/1900 MHz bands. UMTS band 4 (Uplink 1710-1755MHz and Downlink 2110-2155MHz
band) is a wireless telecommunications spectrum band used for mobile voice and data services,
video, and messaging. The UMTS frequency bands are radio frequencies used by third
generation (3G) wireless UMTS networks.
1.2 Project Statement
We plan to collect and replay RF signals over the UMTS band 4 spectrum using USRP2, GNU
radio software and Nokia 5230 & 2700 mobile phones on T-mobile network. The modular
3
design of USRP2 allows extension of the basic system using various daughter boards for RF
transmitters and/or receivers at different frequency bands. It also features two 400MS/s 16-bit
digital to analog converters and is capable of processing signals up to 100MHz wide. Traces
collected from USRP2 will be replayed and validated using a commercial grade spectrum
analyzer. The USRP2 and spectrum analyzer used in this project are shown in figure 1 and figure
2 respectively.
We plan to use Nokia 5230& 6700 Mobile Phones on the T-Mobile 3G network which operates
on the new Advanced Wireless Service (AWS UMTS Band 4) 1710-1755MHz and 2110-2155MHz
band. Because T-Mobile (USA) 3G operates on the 1700MHz AWS band, we have to ensure that
antennas used support 1710-1755MHz (transmit) and 2110-2155MHz (receive).
Fig. 1: Universal Software Radio Peripheral (USRP2)
4
Fig. 2 : NI PXI Spectrum Analyzer
5
CHAPTER 2
RADIO FREQUENCY TRACE COLLECTION AND TRACE REPLAY
2.1 Equipments
The following are the equipments used in this experiment:
1. Hardware
 NI PXI Spectrum Analyzer x 1
 USRP2 x 2
 Antennas x 3
 Low noise amplifier x 1
 Agilent E3632A 0-15,7A/0-30,4A DC Power Supply
 Computers
 Nokia 5230& 6700 Mobile Phones
2. Software
 GNU Radio v3.62
 Ubuntu v12.04
 Windows 7
 Python v3.3
2.2 Experimental Procedure
2.2.1. Trace Collection
Flowgraph for the collection of RF signal trace was set up. The blocks were connected as shown
in Fig. 3. A UHD: USRP Source block was configured at a centre frequency of 1.7475GHz to
receive the RF signal from a transmitting Nokia 5230 Mobile Phone on the UMTS band 4. The RX
daughterboard on the USRP 2 captures the RF signal and sends it through the analog to digital
converter to the FPGA board on the USRP2. The signal is processed by the USRP FPGA and the
streams of bits finally flows through the communication port to the USRP source. The sampling
rate used is 25MHz. The 3G RF signal bandwidth is 5MHz and according to Nyquist sampling
theorem, it is required that the sampling frequency be greater than or equal to twice the
highest frequency component of the RF signal. The USRP Source block is connected to a
Multiply Constant block to amplify the signal before being displayed on the WX GUI FFT Sink. A
directory was created on the File Sink block to store the received RF signal from the UHD: USRP
Source block. This will enable a replay of the received RF signal. The FFT display is shown in Fig.
4. See the Appendix section (program 1) for the corresponding python codes.
6
Fig. 3: GNU Radio Companion flow graph for RF trace collection in UMTS band 4
Fig. 4: GNU Radio Companion WX GUI FFT Sink display showing collected RF trace.
7
2.2.2 Trace Replay
Flowgraph for the replay of the collected RF signal was setup as shown in Fig. 5. A File Source
block set to the same directory as the collected traces was connected to UHD: USRP Sink. The
RF signal from the File Sink to the UHD: USRP Sink is sent to the transmitting antenna of the
USRP 2 thereby transmitting the replayed signal. The File Source block is also connected to WX
GUI FFT Sink which displayed collected traces being replayed as shown in Fig. 6. See the
Appendix section (program 2) for the corresponding python codes.
2.2.3 RF Replay Reception
A separate receiver system consisting of USRP2 and GNU Radio with the flowgraph shown in Fig.7 was
setup to receive the replayed trace as the first validation step. The UHD: USRP Source is connected to
WX GUI FFT Sink to display the received signal as shown in figure 8. See the Appendix section
(program 3) for the corresponding python codes.
Fig. 5: GNU Radio Companion flowgraph to replay collected GSM trace
8
Fig. 6: GNU Radio Companion WX GUI FFT Sink display showing replayed traces at the transmitter
Fig. 7: GNU Radio Companion flowgraph for reception of the replayed trace
9
Fig. 8: GNU Radio Companion WX GUI FFT Sink display showing replayed traces received by USRP2
2.2.4 Validation
A commercial-grade Spectrum Analyzer was used to validate the collected traces as well as the
replayed traces from the transmitting and receiving USRP2s. Fig. 9 and Fig. 10 shows the RF
signals received with the aid of the Spectrum Analyzer which are similar to the RF traces
collected and replayed.
10
Fig. 9: Spectrum Analyzer display showing the collected RF trace.
11
Fig. 10: Spectrum Analyzer display showing the replayed RF trace.
12
CHAPTER 3
CONCLUSION
This project took advantage of the programmability of the USRP to receive RF signals from the
UMTS band 4, replay the RF signals and validated it with a commercially-graded spectrum
analyzer. Compared to high-end spectrum analyzers, the use of USRP2 has the advantage of low
costs and better programmability for small to large scale deployments.
The ability to emulate wireless signal propagation in a physical space is crucial for repeatable
control experiments. Existing wireless emulators are limited by the types of devices connected
and channel model emulated. For instance, the CMU emulator takes feeds through a cable
attached to the antenna port of their wireless line cards, the Digital signal processing engine
models the effects of signal propagation (e.g. large-scale attenuation and small-scale fading) on
each signal path between RF nodes. For wireless monitoring, it is useful to reconstruct the
"crime scene" from the captured traces even when the devices are not available for repeatable
experiments.
To overcome the limitation of existing wireless emulator, a software module for trace play back
(e.g. GNU Radio Companion Trace Repay in our experiment) can be use to generate digital
signals that will be injected to the Digital-to-Analog (DAC) module on USRP2 radio board or
through high speed DAC interface to signal generator.
In addition to RF signals in UMTS band 4, in future, we will include a few representative types of
wireless devices that are commonly used in enterprise and hospital environments. This
includes, Bluetooth radios (2.4GHz), Zigbee radios (2.4GHz), WiFi (2.4GHz), implantable wireless
devices operating at MICS bands (402-405MHz) etc. These devices will be used in studying coexistence among different wireless technologies, and extraction of device signatures.
13
REFERENCES
[1] USRP2 product information. http://gnuradio.org/redmine/projects/gnuradio/wiki/USRP2,
2012 [Online; accessed 2012].
[2] Ettus Research LLC., http://www.ettus.com
[3] GNUradio Official website, http://gnuradio.org/trac
[4] The GSM Software Project, http://wiki.thc.org/gsm
[5] E. Blossom, “GNURadio: Tools for Exploring the Radio Frequency Spectrum” Linux Journal,
2004, http://www.linuxjournal.com/article/7319
[6] E. Blossomm, “How to write a Signal Processing Block”, http://www.gnu.org/
software/gnuradio/doc/howto-write-a-block.html
[7] Global System for Mobile Communications. [Online]. Available: http://en.wikipedia.org/
wiki/GSM [Online; accessed December 2012].
14
APPENDIX
Program 1: Python Code for the Reception of RF Trace on UMTS Band 4.
#!/usr/bin/env python
##################################################
# Gnuradio Python Flow Graph
# Title: Top Block
# Generated: Mon Apr 15 11:39:06 2013
##################################################
from gnuradio import eng_notation
from gnuradio import gr
from gnuradio import uhd
from gnuradio import window
from gnuradio.eng_option import eng_option
from gnuradio.gr import firdes
from gnuradio.wxgui import fftsink2
from grc_gnuradio import wxgui as grc_wxgui
from optparse import OptionParser
import wx
class top_block(grc_wxgui.top_block_gui):
def __init__(self):
grc_wxgui.top_block_gui.__init__(self, title="Top Block")
_icon_path = "/usr/share/icons/hicolor/32x32/apps/gnuradio-grc.png"
self.SetIcon(wx.Icon(_icon_path, wx.BITMAP_TYPE_ANY))
##################################################
# Variables
##################################################
self.samp_rate = samp_rate = 25e6
self.multiplier = multiplier = 100
self.freq = freq = 1.7475e9
##################################################
# Blocks
##################################################
self.wxgui_fftsink2_0 = fftsink2.fft_sink_c(
self.GetWin(),
baseband_freq=freq,
y_per_div=10,
y_divs=10,
ref_level=0,
ref_scale=2.0,
sample_rate=samp_rate,
fft_size=1024,
fft_rate=15,
average=False,
avg_alpha=None,
title="FFT Plot",
peak_hold=False,
)
15
self.Add(self.wxgui_fftsink2_0.win)
self.uhd_usrp_source_0 = uhd.usrp_source(
device_addr="",
stream_args=uhd.stream_args(
cpu_format="fc32",
channels=range(1),
),
)
self.uhd_usrp_source_0.set_samp_rate(samp_rate)
self.uhd_usrp_source_0.set_center_freq(freq, 0)
self.uhd_usrp_source_0.set_gain(26, 0)
self.uhd_usrp_source_0.set_bandwidth(0.25e8, 0)
self.gr_multiply_const_vxx_0 = gr.multiply_const_vcc((multiplier, ))
self.gr_file_sink_0 = gr.file_sink(gr.sizeof_gr_complex*1,
"/home/wicomlab/Documents/Traces/gsm_trace.dat")
self.gr_file_sink_0.set_unbuffered(False)
##################################################
# Connections
##################################################
self.connect((self.uhd_usrp_source_0, 0), (self.gr_file_sink_0, 0))
self.connect((self.uhd_usrp_source_0, 0), (self.gr_multiply_const_vxx_0, 0))
self.connect((self.gr_multiply_const_vxx_0, 0), (self.wxgui_fftsink2_0, 0))
def get_samp_rate(self):
return self.samp_rate
def set_samp_rate(self, samp_rate):
self.samp_rate = samp_rate
self.uhd_usrp_source_0.set_samp_rate(self.samp_rate)
self.wxgui_fftsink2_0.set_sample_rate(self.samp_rate)
def get_multiplier(self):
return self.multiplier
def set_multiplier(self, multiplier):
self.multiplier = multiplier
self.gr_multiply_const_vxx_0.set_k((self.multiplier, ))
def get_freq(self):
return self.freq
def set_freq(self, freq):
self.freq = freq
self.uhd_usrp_source_0.set_center_freq(self.freq, 0)
self.wxgui_fftsink2_0.set_baseband_freq(self.freq)
if __name__ == '__main__':
parser = OptionParser(option_class=eng_option, usage="%prog: [options]")
(options, args) = parser.parse_args()
tb = top_block()
tb.Run(True)
16
Program 2 : Python code for the replay of RF trace
#!/usr/bin/env python
##################################################
# Gnuradio Python Flow Graph
# Title: Top Block
# Generated: Mon Apr 15 11:41:19 2013
##################################################
from gnuradio import eng_notation
from gnuradio import gr
from gnuradio import uhd
from gnuradio import window
from gnuradio.eng_option import eng_option
from gnuradio.gr import firdes
from gnuradio.wxgui import fftsink2
from grc_gnuradio import wxgui as grc_wxgui
from optparse import OptionParser
import wx
class top_block(grc_wxgui.top_block_gui):
def __init__(self):
grc_wxgui.top_block_gui.__init__(self, title="Top Block")
_icon_path = "/usr/share/icons/hicolor/32x32/apps/gnuradio-grc.png"
self.SetIcon(wx.Icon(_icon_path, wx.BITMAP_TYPE_ANY))
##################################################
# Variables
##################################################
self.samp_rate = samp_rate = 25e6
self.freq = freq = 1.7475e9
self.const = const = 100
##################################################
# Blocks
##################################################
self.wxgui_fftsink2_0 = fftsink2.fft_sink_c(
self.GetWin(),
baseband_freq=freq,
y_per_div=10,
y_divs=10,
ref_level=50,
ref_scale=2.0,
sample_rate=samp_rate,
fft_size=1024,
fft_rate=30,
average=False,
avg_alpha=None,
title="FFT Plot",
peak_hold=False,
)
self.Add(self.wxgui_fftsink2_0.win)
17
self.uhd_usrp_sink_0 = uhd.usrp_sink(
device_addr="",
stream_args=uhd.stream_args(
cpu_format="fc32",
channels=range(1),
),
)
self.uhd_usrp_sink_0.set_samp_rate(samp_rate)
self.uhd_usrp_sink_0.set_center_freq(freq, 0)
self.uhd_usrp_sink_0.set_gain(26, 0)
self.uhd_usrp_sink_0.set_bandwidth(25e6, 0)
self.gr_multiply_const_vxx_0_0 = gr.multiply_const_vcc((const, ))
self.gr_file_source_0 = gr.file_source(gr.sizeof_gr_complex*1,
"/home/wicomlab/Documents/Traces/gsm_trace.dat", True)
##################################################
# Connections
##################################################
self.connect((self.gr_file_source_0, 0), (self.gr_multiply_const_vxx_0_0, 0))
self.connect((self.gr_multiply_const_vxx_0_0, 0), (self.uhd_usrp_sink_0, 0))
self.connect((self.gr_file_source_0, 0), (self.wxgui_fftsink2_0, 0))
def get_samp_rate(self):
return self.samp_rate
def set_samp_rate(self, samp_rate):
self.samp_rate = samp_rate
self.wxgui_fftsink2_0.set_sample_rate(self.samp_rate)
self.uhd_usrp_sink_0.set_samp_rate(self.samp_rate)
def get_freq(self):
return self.freq
def set_freq(self, freq):
self.freq = freq
self.wxgui_fftsink2_0.set_baseband_freq(self.freq)
self.uhd_usrp_sink_0.set_center_freq(self.freq, 0)
def get_const(self):
return self.const
def set_const(self, const):
self.const = const
self.gr_multiply_const_vxx_0_0.set_k((self.const, ))
if __name__ == '__main__':
parser = OptionParser(option_class=eng_option, usage="%prog: [options]")
(options, args) = parser.parse_args()
tb = top_block()
tb.Run(True)
18
Program 3 : Python Code for the Reception of RF Trace Replay
#!/usr/bin/env python
##################################################
# Gnuradio Python Flow Graph
# Title: Top Block
# Generated: Sun Apr 14 21:27:36 2013
##################################################
from gnuradio import eng_notation
from gnuradio import gr
from gnuradio import uhd
from gnuradio import window
from gnuradio.eng_option import eng_option
from gnuradio.gr import firdes
from gnuradio.wxgui import fftsink2
from grc_gnuradio import wxgui as grc_wxgui
from optparse import OptionParser
import wx
class top_block(grc_wxgui.top_block_gui):
def __init__(self):
grc_wxgui.top_block_gui.__init__(self, title="Top Block")
_icon_path = "/usr/share/icons/hicolor/32x32/apps/gnuradio-grc.png"
self.SetIcon(wx.Icon(_icon_path, wx.BITMAP_TYPE_ANY))
##################################################
# Variables
##################################################
self.samp_rate = samp_rate = 25e6
self.multiplier = multiplier = 100
self.freq = freq = 1.7475e9
##################################################
# Blocks
##################################################
self.wxgui_fftsink2_0 = fftsink2.fft_sink_c(
self.GetWin(),
baseband_freq=freq,
y_per_div=10,
y_divs=10,
ref_level=50,
ref_scale=2.0,
sample_rate=samp_rate,
fft_size=1024,
fft_rate=30,
average=False,
avg_alpha=None,
title="FFT Plot",
peak_hold=False,
)
self.Add(self.wxgui_fftsink2_0.win)
self.uhd_usrp_source_0 = uhd.usrp_source(
19
device_addr="",
stream_args=uhd.stream_args(
cpu_format="fc32",
channels=range(1),
),
)
self.uhd_usrp_source_0.set_samp_rate(samp_rate)
self.uhd_usrp_source_0.set_center_freq(freq, 0)
self.uhd_usrp_source_0.set_gain(26, 0)
self.uhd_usrp_source_0.set_bandwidth(25e6, 0)
self.gr_multiply_const_vxx_0 = gr.multiply_const_vcc((multiplier, ))
##################################################
# Connections
##################################################
self.connect((self.gr_multiply_const_vxx_0, 0), (self.wxgui_fftsink2_0, 0))
self.connect((self.uhd_usrp_source_0, 0), (self.gr_multiply_const_vxx_0, 0))
def get_samp_rate(self):
return self.samp_rate
def set_samp_rate(self, samp_rate):
self.samp_rate = samp_rate
self.uhd_usrp_source_0.set_samp_rate(self.samp_rate)
self.wxgui_fftsink2_0.set_sample_rate(self.samp_rate)
def get_multiplier(self):
return self.multiplier
def set_multiplier(self, multiplier):
self.multiplier = multiplier
self.gr_multiply_const_vxx_0.set_k((self.multiplier, ))
def get_freq(self):
return self.freq
def set_freq(self, freq):
self.freq = freq
self.uhd_usrp_source_0.set_center_freq(self.freq, 0)
self.wxgui_fftsink2_0.set_baseband_freq(self.freq)
if __name__ == '__main__':
parser = OptionParser(option_class=eng_option, usage="%prog: [options]")
(options, args) = parser.parse_args()
tb = top_block()
tb.Run(True)
20