Future improvements may be done to stack up multiple USRP2 devices trough MIMO cable an catch a wider spectrum (the whole GSM spectrum). It maybe even better to be able to make this USRP clustering in "sw" by using from the PC multiple Radio listener, gaining compatibility also for the USRP1 and removing the need to use MIMO cable with USRP2 .
I don't really know if full spectrum monitoring it's required to do the cracking/interception job because, commercial interception equipment say to monitor multiple channels at time but without monitoring the whole spectrum http://cryptome.org/gsm-interceptor.htm . That's because they use embedded commercial high performance SDR (USRP are for research) such as Winradio: http://www.winradio.com/home/g315e-s.htm It's also true that a Winradio SDR card can do 50channel/s hopping, that maybe useful for the techniques. However let's see with USRP how the full spectrum can be monitored, it sounds slightly costly and unefficient. The various GSM spectrum in Europe are: P-GSM-900 900 890.2--914.8 935.2--959.8 1--124 E-GSM-900 900 880.0--914.8 925.0--959.8 975--1023, 0-124 While for Brazil and some other countries there's also: GSM-850 850 824.0--849.0 869.0--894.0 128--251 http://en.wikipedia.org/wiki/GSM_frequency_ranges Assuming to want to monitor the whole freq. spectrum a system must monitor: 880.0-914.8 = 34,8 MHZ (uplink) 925.0-959.8 = 34,8 MHZ (downlink) So it would be required: - 10 USRP1, with 5 monitoring full uplink and 2 monitoring downlink - 4 USRP2, with 2 monitoring full uplink and 2 monitoring downlink Let's say to want to monitor also GSM1800: DCS-1800 1800 1710.2--1784.8 1805.2--1879.8 512--885 1720.2-1784.8 = 64,6 MHZ (uplink) 1805.2-1879.8 = 74,6 MHZ (downlink) It means adding 6 USRP2 or 19 USRP1 for GSM1800. It means that to monitor the whole spectrum would require: - 29 USRP1 = 20.300 USD - 10 USRP2 = 14.000 USD Let's say that each device would probably require it's own antenna, let's estimate for a good one 60 USD. Each device need it's own receiver and need to use one DBRX (150 USD). So let's make final math along with a 15% volume discount: USRP1 based total cost full spectrum monitoring: 20.300 USD (USRP1) + 4.350 USD (DBRX) + 1740 USD = 26.390 USD USRP2 based total cost full spectrum monitoring: 14.000 USD (USRP2) + 1.500 USD (DBRX) + 600 USD = 16.100 USD The matter is, does a full spectrum monitoring would provide some real advantage for the airprobe/kraken companion? Maybe no because just monitoring signaling channels it would be possible to know where to tune the radio, eventually 2 USRP device or one USRP device equiped with 2 DBRX would be useful (one for monitoring control channel and one for monitoring the target) ? Fabio On 27/07/10 19.38, Cal Leeming [Simplicity Media Ltd] wrote: > Hi guys, > > I don't know if this information is of any use to anyone, but here is > what they said: > > Cal, > > Theoretically you can monitor a 60MHz chunk of spectrum, but there are a > few limitations to consider: > > The standard software for USRP1/USRP2 sends samples as 16bit, > complex (I/Q) values. For practical purposes, this means the > USRP1 can pass 8Msps over USB2 and the USRP2 can pass 25Msps over > gigabit ethernet. Those figures translate directly into 8MHz and > 25MHz of instantaneous spectrum access respectively. If you want to > monitor a wider bandwidth, you would need to use fewer bits per > sample. I believe there may be community implementations of 8bits > or less per sample, and we are working on our own, but no eta. You > are of course free to take the software/fpga code and do this > yourself. > > We do not currently spec frequency switching time (LO lock time) of > our daughterboards. It is likely to be substantial fractions of > seconds if you need to change the LO on the daughterboard. If you > are wanting to do frequency hopping, my suggestion would be to stick > within a 60MHz window and then use the DDC to select smaller chunks > of the 60MHz to send over the bus from USRP to Host PC. Even better > would be to hop within the 8MHz or 25MHz of instantaneous bandwidth > on your host pc using the analysis filter bank. Then you could have > very fast switching. > > Jason > - Hide quoted text - > > On Fri, Jul 23, 2010 at 12:57:06PM +0100, Cal Leeming [Simplicity > Media Ltd] wrote: > > Hey, > > > > I have been monitoring the progress of the USRP for almost 2 years > now, and > > have finally convinced myself to spend some money on investing in > some radio > > fun! > > > > I just wanted to confirm the following points (please excuse me if I have > > used the wrong terminology!): > > > > > > - In the DBSRX specifications, it states that the software can > monitor a > > channel as wide as 60mhz. Does this mean the accuracy of data or > the error > > probability goes higher, when you increase the channel width? And > also, does > > the resolution suffer greatly by monitoring a wider band? (i.e. if > I was to > > monitor a single 1mhz channel, and then switched to a wide 60mhz > channel, > > would the data be less precise?) - let me know if this question > doesn't make > > any sense! > > > > - How quickly is the USRP able to switch frequencies? (From the > moment I > > send a python query, to the point of the daughter board physically > switching > > over) > > > > > > Cheers! > > > > -- > > > > Cal Leeming > > > > Operational Security & Support Team > > > > *Out of Hours: *+44 (07534) 971120 | *Support Tickets: * > > [email protected] > <mailto:[email protected]> > > *Fax: *+44 (02476) 578987 | *Email: > *[email protected] > <mailto:[email protected]> > > © 2010 Simplicity Media Ltd. All rights reserved. > > Registered company number 7143564 > > > -- > > Cal Leeming > > Operational Security & Support Team > > *Out of Hours: *+44 (07534) 971120 | *Support > Tickets: *[email protected] > <mailto:[email protected]> > *Fax: *+44 (02476) > 578987 | *Email: *[email protected] > <mailto:[email protected]> > > Simplicity Media Ltd. All rights reserved. > Registered company number 7143564 > > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >
_______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
