Those specs look like P25, so you could start learning here: https://osmocom.org/projects/op25/wiki/DecoderPage
and take a look at the gr-op25 code, which includes C4FM (call FSK4 here) demodulator and slicer. https://github.com/osmocom/op25 On Sun, Aug 16, 2020 at 3:26 AM HLL <[email protected]> wrote: > Hello all, > > I Am in the information security industry (so I do not have a signal > processing background) and I'm trying to properly extract symbols of a > signal. > The device that I have access to (and no real internal documentation, I'm > reverse-engineering it 'from the outside') can be triggered to send the > data, I do not have access to the internal hardware. > Also, The product is outside the US, but I think I've managed to find a > *similar* device which the data does make sense for. > > Measured Frequency deviation ~600hz (for +1, for +3 1800) > FCC: Channel width: 12.5khz, I do not know how to measure it (?) > FCC: Symbol rate 6kb/s ; I Measured 5900~6010 Sym/s > FCC: Modulation 4 Level FSK, (Seems to make sense, see capture) > > Googling, I've found 2 Related things: > 1. C4FM Demodulator via gnuradio <https://hb9uf.github.io/gr-ysf/> - As > it seems, I have almost exact modulation, I've tried to change the symbol > rate accordingly, but I did not get any proper results > 2. I Have checked out the OOT Blocks that are referenced here > <https://qsl.net/kb9mwr/projects/dv/apco25/GnuradioFourLevelFSK.pdf>, but > they are for an ancient version of GR; In order to port it I'd have to > somehow understand both the old and the new version. > > I've scoured the internet trying to understand how to perform this task > independently while I'm no math expert. > What I've tried: > *I tried using various configurations of RRC (as I understood that's > the filter I should feed into the symbol synchronizer block) I somehow > manage to configure it in such a way as intended, I believe so that the > value is that; but do I really need such a filter? If I'm not mistaken, the > fm-demodulated time domain looks like a gaussian filter, not a RRC one. > [image: image.png] > *Tried using polyphase clock sync (the old version and the 'symbol sync' > version) with various values, again usually the sampling doesn't occur at > the best position and slicer can't properly tell between +3 and +1 etc) . > *Universal radio hacker" somehow did the trick, but I guess "autodetect" > for the 4 level does not work properly and I can't configure the values so > that I would have consistent results. > > If someone could point me out to how to properly and reliably extract the > symbols from these kinds of signals, I would greatly appreciate it. > I've attached the capture from 2 different devices (they send a few bursts > with each trigger, this case 3 each), after I've ~centered them and > downsampled to 100ks/s (IQ Float) > > I Would like to "get the fish" but I would also value that you point me > out to learning "how to fish" as it's not the first time that I'm having > trouble in clock recover/symbol timing and this field is just an online > puzzle that I never seem to get right (even for clean-looking signals with > proper reception). > > Thank you All! > >
