Project Whack a Mole Part 1

As a side project I’ve been working on a Direction Finding (DF) system. Although it relies on phase it’s very different to Doppler. It uses a mixer to frequency multiplex signals from two antennas into a SDR. Some maths works out the phase difference between the antennas, which can be used to compute a bearing.

The use case is tracking down a troll who is annoying us on our local repeater. He pops up for a few seconds at a time, like the game of Whack a Mole. It’s also fun to work on a new(ish) type of DF system, and play with RF.

I’ve got the system measuring phase angles between two antennas on the bench, so thought I better come up for air and blog on my progress so far.

Hardware

Here is a block diagram of the hardware:

The trick is to get signals from two antennas into the SDR, in such a way that the phase difference can be measured. One approach is to phase lock two or more SDRs. My approach is to frequency shift the a2 signal, which is then summed with a1 and sent to the SDR. I used a Minicircuits ADE-1 mixer (left) and home made hybrid combiner (centre):

For testing on the bench I use a sig-gen and a splitter (right) to generate the a1 and a2 signals. I can vary the phase by varying the cable lengths.

Here is a spec-an plot showing a1 in the centre and the a2 “sidebands”, at +/- 32kHz:

The LO frequency of 32kHz was chosen as it (i) greater than the 16kHz bandwidth of FM signals and (ii) means we can use a modest sampling rate of 192kHz to capture the 3 signals, (iii) we can use a common “watch” crystal to generate it. The LO input on the mixer is rated down to 500kHz but works OK with a conversion loss of 9dB.

Signal Processing Design

OK so we have the two signals a1 and a2 present at each antenna. Theta is an arbitrary phase offset that both signals experience due to propagation time from the transmitter, and other phase shifts common to both signals, like the SDRs signal processing. Phi is the phase difference between a1 and a2, this is what we want to compute. Alpha is the phase offset of the local oscillator. Only a2 experiences this phase shift as it passes through the mixer. Omega-l is the local oscillator frequency, and omega is the carrier frequency. The summed signal presented to the SDR input is called r, which we can derive:

Note we assume the two signals a1 and a2 are complex, but the mixer is real (double sided). So there are a total of three signals at the SDR input. Now lets mess about with the phase terms of the three signals that make up r:

So the output is 2 times phi, the phase difference between the two antennas. Yayyyyyy. The 2phi output also implies an ambiguity of 180 degrees, which is what we would expect with just 2 antennas. I’ll worry about that later, e.g. with a third channel or mounting the hardware on the edge of our city such that bearings are only expected from one hemisphere.

There are several ways to implement the signal processing. I like the sample by sample approach:

It’s all implemented in df_mixer.m. This can run with a simulated signal or input from a HackRF SDR.

Walk Through and Results

Lets look at the algorithm in action with a1 and a2 generated on the bench using a splitter and two lengths of coax to set the phase difference. The signal generator was set to 439.048MHz and -30dBm. We sample about 1 second using the HackRF SDR, the run the Octave script:
$ hackrf_transfer -r df1.iq -f 439000000 -n 10000000 -l 20 -g 40
% octave:25> df_mixer.m

Here is the input signal, the wanted signals are at 48kHz (a1), 16kHz and 80kHz (a2).

We pass that through these Band Pass Filters (BPFs):

To get the three signals:

After the signal processing magic we can plot the output for each sample on the complex plane. Its like a scatter plot, and gives us a feel for how reliable the phase estimates are:

We can also find the angle for each sample and plot a histogram. The tighter this histogram is the more confidence we have:

Testing with Cables

So how to test? I ended up inserting short lengths of transmission line, using adapters and attenuators. I guessed the velocity as 2/3 the speed of light. This spreadsheet summarises the results:

When I insert adapters in the opposite antenna line the phase angle reduces. I inserted a 10dB attenuator and the phase angle changed roughly in proportion to the attenuator length. It worked just fine despite the amplitude difference. So it’s doing something sensible. Wow!

Discussion

The central carrier and two “sidebands” looks a lot like an AM signal. I initially thought I could demodulate it using envelope detection. However that was a flop, so I got the paper and pencil out and worked out the math. This was challenging but I do enjoy a good engineering puzzle. After a few goes over several days I came up with the math above, and tested it using a simulation.

Note we don’t really care what sort of modulation the signal has. It could be a carrier, FM, or SSB. We just look at the phase so it’s insensitive to amplitude differences in the two signals. Any frequency and phase modulation is present on both a1 and a2 and is removed by the signal processing, leaving just the phase difference term. So the algorithm essentially strips modulation.

This means “processing gain” is possible. We can make phase estimates on every sample over say 1 second. We can then average the phase estimates. This may lead to a good phase estimate at SNRs lower than we can demodulate the signal. Plucking DF bearings out of the noise. Just like the FFT of a weak sine wave in noise creates a nice sharp line if you sample the signal long enough.

This system is phase based so will be affected by multipath signals. Mounting the system with a direct line of site to the transmitter is a good idea. The histogram gives us a confidence measure, and may be useful in detecting multipath or multiple bearings. Presenting this histogram information visually on a 3D or intensity map would be a useful area to explore.

The absolute phase estimates are sensitive to frequency offset, for reasons I haven’t worked out yet. The HackRF is about 4kHz off my sig-gen at 439MHz, which shifts the phase estimates. So it might need tuning or re-calibration to a known bearing.

I haven’t worked out where the “noise” in the scatter diagram comes from. The phase is the product of several non-linearities so we expect it to jump around a bit. Given we are just interested in phase, perhaps a limiter or three could be included at some point in the processing.

Off Line Direction Finding

One neat possibility with this approach is off line DF. Imagine every time the squelch opens, we log the SDR baseband Fs=192kHz signal onto a hard disk. A 1 Tbyte disk would store 720 hours at Fs=192kHz (2 byte IQ samples). We can then then use a sound editor to jump to the position where our Mole appears for a few seconds, and run the DF signal processing on that segment. We can tweak parameters, even run it a few times, to improve the bearing. We can compare this to the same signal received at different sites across town, to get a cross bearing.

We can do this off line DF-ing days later, or download the samples and process at a location remote to the DF site. It also provides a documented record for ACMA, should evidence be required for prosecution.

Further Work

My next step is to configure the HackRF for high gain so I can try some off-air signals. The repeater output is about -70dBm inside my home office so that will do for a start. If that works I will try DF-ing repeater input signals, perhaps with the hardware mounted on a mast outside. I have a UHF BPF I will insert to prevent overload from out of band signals.

I’m hoping it will be as accurate as Doppler systems, e.g. capable of resolving say 16 different bearings on a “ring of LEDs” or similar virtual display. I bet there are many issues I need to sort out and perhaps a show stopper lurking somewhere. We shall see! It’s good to experiment. Failure is an option.

We could simplify the hardware significantly. Other mixers could be tried. The circuit is insensitive to levels so the combining could be very simple, we don’t need a hybrid. Just connect the two signals to the same node. If the mixer has poor RF-IF isolation (carrier feed-through) there could be a problem. This could be alleviated by ensuring a1 is > 10dB above the a2 carrier feed-through. A very simple approach would be using a UHF transistor for the 32kHz clock oscillator, and injecting a2 into the emitter or base.

The 32kHz transistor clock oscillator I built was hard to start. Here is the saga of getting the 32kHz oscillator to run.

More

Project Whack a Mole Part 2

Latex Source

Have to put this somewhere in case I need it again. I used HostMath to build up the equations and Rogers Online Equations to render it to a PNG.

\begin{array}{lcl}
a_{1} & = & e^{j(\omega t+\phi +\theta)} \\
a_{2} & = & e^{j(\omega t+\theta)} \\
r & = & a_{1}+a_{2}cos(w_{l}t+\alpha ) \\
& = & e^{j(\omega t+\phi +\theta)})+\frac{1}{2}e^{j((\omega+\omega_{l}) t+\alpha +\theta)}+\frac{1}{2}e^{j((\omega-\omega_{l}) t-\alpha +\theta}
\end{array}

\begin{array}{lcl}

phase_{1} & = & \omega t + \phi +\theta \\
phase_{2} & = & (\omega+\omega_{l})t+\alpha +\theta \\
phase_{3} & = & (\omega-\omega_{l})t-\alpha +\theta \\
phase_{2}+phase_{3} & = & \omega t + \omega_{l}t+\alpha +\theta + \omega t - \omega_{l}t -\alpha + \theta \\
& = & 2\omega t + 2\theta \\
2phase_{1} - (phase_{2}+phase_{3}) & = & 2\omega t + 2\phi + 2\theta -2\omega t - 2\theta \\
& = & 2\phi
\end{array}

6 thoughts on “Project Whack a Mole Part 1”

  1. I don’t understand why not downconverting the two signals with two mixers using same LO?
    You don’t need full SDR, just direct conversion to baseband (no image rejection) with a LO offset by a few KHz from the received signal and then compare the phase, assuming there is no interfering signal at the other side of the LO. You can also implement phase comparison for two cases: LO below and afterwards above received signal (with fast succession), both cases should give same result.
    Victor – 4Z4ME

  2. I was thinking that any jammer would probably use a beam antenna and bounce his signal off a large structure (water tank, tall building, etc), so maybe draw a line from the repeater to various structures, and see if the incidence angles point towards a trailer court near the railroad tracks, where these cretins usually hobo and their filthy kids pick up bottle caps and firewood.

  3. Actually this can work pretty nice. To find the tx spot (in almost real time) you will need 2 (better 3) receivers(positioned on the edge of the area you want to monitor) that you can network via the internet.
    Each “direction fingerprint” reading can be time stamped so all 2 or 3 radio direction readings can be processed to give you the TX spot.

    Technically, you may add the attenuator in the line with the a1 antenna to meet the losses in the a2 line mixer, and you can add the phase shifter in the a1 line to phase both sides of the receiver.
    If you apart the antennas for 1 lambda then the 0 phase shift should be when the signal is perpendicular to the a1-a2 antenna line and maximum shift when the signal is in line.

    1. Yes I agree, 3 DF stations with Internet connections. We don’t need to add an attenuator to equalise levels, as the system is insensitive to amplitude variations in a1 versus a2. We can take care of arbitrary phase shifts in either arm by calibrating against a known bearing. The antennas could be separated by (m+x)lambda, where m is an integer, and we would get the same results. This might be useful to reduce any interactions between the antennas.

  4. Why are you frequency shifting one antenna? Just commutate (switch) between the two (or more) antennas. That way you only need one receiver. Direct down-convert in quadrature, it makes the math a lot easier. You do not need to use something as sophisticated as HackRF as a receiver, especially at HF frequencies. An HF quadrature direct down conversion Tayloe detector can be easily built for less than $20 in parts. A VHF/UHF/SHF version for less than $100. Take the quadrature outputs of the receiver and feed them into the left and right inputs of a decent PC sound card. The sound card data can be processed in real-time and/or saved to a file for offline processing. You can pass a synch signal between the receiver and the PC so you know which antenna is being received at any given time. The synch signal can be a hardware input (traditionally this was passed to something like the serial port’s DTR line), or via a tone on one of the audio inputs. An interesting application of a direct down-conversion scheme like this is locating many antennas over a large area and returning the audio via radio links and/or phone lines where they are processed. Once calibrated, a wide area direction-finding system like this can be very effective.

    1. I am frequency shifting to multiplex two received signals into the SDR. Commutating is ugly, lots of problems with that in Doppler systems (e.g. switching noise), and you need to sync it to the SDR samples. Not sure how I’d obtain two clean signals from commutating, it would be like adding a sampler, so the math would be all different. A simple mixer/LO as above is much more elegant.

      I’m using the HackRF as that’s what I have. The SDR choice is not an important part of what I am exploring here. Sure, many other SDR options are possible.

Comments are closed.