Well, I do not expect public safety standards for bus AVL, often enough
they are nothing more than a pimped APRS system. Would be interesting
how the standard is called, what manufacturer…
I have built a system for an aviation authority (!), some years ago.
They needed a system to transmit high precision location data from
planes to ground station, for periodical recertification of ILS, radars,
beacons and such stuff around airports. Their demand was, the new box
must look exactly like the old one, in case somebody asks if the stuff
is still the hardware mentioned in the license; I’m not kidding. So I
have bought some 9k6 packet radio controllers with TRX on board,
modified the filters for around 300 MHz, programmed their assigned
frequencies into them, set them in some special mode to simulate a 4k8
RS232 cable…then took the sample of the old system, went to a milling
shop, with the order “make me six boxes like this one, but so that I can
install this different PCB into it”. We put the modified ham gear into
the boxes, made the interfacing 100% compatible, so the drop-in
replacement was perfect.
If you find (in central Europe) 9k6 FSK packet radio bursts in MIL AV
UHF band containing NMEA packets, it is very likely that it is my fault.
Quite often you can find simple stuff in places where really
something highly sophisticated is expected.
From: dis[email protected]
Sent: Tuesday, May 26, 2015 12:27 PM
To: Mark H.
Cc: GnuRadio D. GnuRadio
Subject: Re: [Discuss-gnuradio] Question about reverse-engineering a new
FIPS compliant security, device security, network security, access
controls, and application level security are all integral parts of
Public Safety Network design and operation and AVL in particular. It is
just not intended to be “super duper” APRS. I would not spend a lot of
money on equipment if this is your only goal and the amount of money I
would spend would cover a RTL-SDR dongle and not much more until such
time as I was certain that these serious impediments were surmountable.
That said, hackers (the good definition) live for this, and I encourage
On Tue, May 19, 2015 at 3:04 PM, Mark H. <[email protected]> wrote:
This is a bit of an idle question, but I’m hoping some knowledgeable
here can offer advice. Mostly I’m trying to understand better what I
don’t know, and the size of the challenge, before jumping in to a
I’d like to try decoding some AVL traffic in the 700-MHz band (GPS
broadcast by transit vehicles to a central collector, where predictors are
used to generate the ETAs displayed on electronic bus-stop signs). The
modulation is 4-FSK, similar to P25 except wider with a higher symbol
emission designator 20K0F1D. The particular frequency(s) should be easy
enough to discover. Transmissions are short packets on shared channels
some kind of slotted aloha or CSMA MAC. A rate-3/4 convolutional code is
used. The preceding is public information gleaned from the web. I haven't
captured any signals yet.
The known unknowns: preambles and framing stuff, symbol mapping,
the particular rate-3/4 code used (only a couple of candidates though),
the scrambler (whitener) and its initialization. AFAIK there is no
encryption per se. The payload is supposed to be TCP/IP, so there could be
some sort of header compression.
My question, then, is given this information, are there reasonable odds of
success? I have some digital comms background from grad school but
to no practical experience. Wondering if this might be an excuse to
a HackRF etc. and learn GNU Radio, or if it’s likely to be a dead end.
Co-Founder and Technical Director, Federated Wireless, LLC
Research Professor Virginia Tech
Senior Member IEEE, Facebook: N4HYBob, ARS: N4HY
Faculty Advisor Virginia Tech Amateur Radio Assn. (K4KDJ)