Monitoring Spread Spectrum

[PHOENIX_SCANNER]

How hard would it be, and what would be involved with trying to monitor a spread spectrum telephone. For the sake of any radio cops, we will assume that it is one's own phone, so no laws are being broken.

There is no encryption involved, so if a fast enough computer was tied in with a scanner or series of scanners would it be possible?

Also, even with frequency "hopping" shouldn't pieces of conversation be heard if one were to scan th2 900 mhz phone band, or are they bursts just too short?

 

[N_Jay]

Spread Spectrum is a name for a large number of different modulation techniques.
Many are digital, but some are analog. Even the analog may not be traditional AM or FM at its core.

It is not One thing.

Most would be hard for a hobbyist to monitor, and other nearly impossible without starting with a compatible piece of equipment.

 

[RayAir]

WJ-36400 - Spectrum Monitoring System
The WJ-36400 is easily transported and may be installed in either a transit case of rack. A cost effective superhetrodyne microwave receiver with frequency coverage from 80 MHz to 18 GHz. The scan rates, sensitivity, and wide RF/IF bandwidth exceeds that of most spectrum analysers. This system is very popular for in-place monitor of classified areas, SCIF's, and screen rooms.

WJ-8654 Miniature VHF/UHF Microceptor Receiver
The WJ-8654 Microceptor is an extremely small VHF/UHF general purpose receiver with frequency coverage from 20 MHz to 1 GHz. The HFE option extends the lower frequency range to 500 kHz, and the FE option extend the "upper side" all the way to 2.4 GHz. Standard AM, FM, CW, USB, and LSB detection modes. Subcarriers are detected by looping the output of the radio into an HF receiver such as the WJ-8710A (see above). The WJ-8654HFE may be tuned all the way down to 0 Hz (pure DC) with degraded performance. The WJ-9168 Signal Monitor Module is a very popular addition to the WJ-8654, which take two IF inputs of 21.4 MHz and creates a real time panoramic display. The entire system including the WJ-8654, HF extension, Microwave Extension, and Signal Monitor Module weighs less then six pounds, and measures only 4.5 * 3.0 * 7.8 inches. Six complete systems, battery pack, antenna, and laptop will easily fit into a standard briefcase (with room to spare).


You will probably need equipment like this. If it was just spread spectrum with out hopping , you could probably do something with wide band receive equipment, assuming you can demodulate the signal.

 

[maxpi]

I think all spread spectrum involves frequency hopping, that's how you spread the signal over some spectrum. The hops are vary short, no single one is intelligible. The only way you can know a spread spectrum signal exists is to notice the rise in the noise floor... it just hit me though.. if one had a Digital Signal Processing radio that could recognize the variations in the noise level, one could possibly decode the frequency hopping sequence... but if the sequence is encrypted and not just a repeating thing, forget about it...

Edit: Oops, I read a little more tutorial level stuff on spread spectrum, it can be frequency hopping or it can not be hopping exactly, and it's encoded with psudorandom patterns so my guess is that it is going to be pretty difficult to monitor..

 

[N_Jay]

I think all spread spectrum involves frequency hopping, that's how you spread the signal over some spectrum. The hops are vary short, no single one is intelligible. The only way you can know a spread spectrum signal exists is to notice the rise in the noise floor... it just hit me though.. if one had a Digital Signal Processing radio that could recognize the variations in the noise level, one could possibly decode the frequency hopping sequence... but if the sequence is encrypted and not just a repeating thing, forget about it...

No, not all spread spectrum is frequency hopping.

Even with Hopping you won't know how long the sequence is unless it is so short it is repeating quite often.

Yes, if it is simple hopping you could find the sequence and follow it, then decode the data, then try to decode the channel coding, then try to decode the vocoder, and then you would have your audio.

 

[maxpi]

Well, no problem, we just need some DSP software running on a quantum computer and we will be scanning spread spectrum all day every day....

 

[PHOENIX_SCANNER]

I'm sure the NSA has equipment like that mentioned above that when properly set up can monitor any cordless or cellular conversation in real time , or should I say many such conversations in real time.

 

[zz0468]

Just plucking a signal off the air and attempting to decode it would be close to impossible, at the hobbyist level, but reverse engineering a spread spectrum cordless phone to see how it works would be relatively easy. BTW, spread spectrum is allowed on the amateur bands, with certain restrictions. I am aware of a number of implementations of spread spectrum links using off the shelf equipment adapted for amateur use. Use an identical piece of equipment, set it for an identical code, and recovering the baseband data is easy.

The concepts involved are pretty understandable. The problem is, there are an infinite variety of ways to implement the concepts, and you have to get it exactly right or there's no recovered audio.

 

[W6KRU]

Use an identical piece of equipment, set it for an identical code, and recovering the baseband data is easy.

That is the tough part. How would you find the "identical code" unless the other person provides it to you?

 

[zz0468]

That is the tough part. How would you find the "identical code" unless the other person provides it to you?

You'd probably be surprised at the small number of available spreading codes a lot of commercial equipment is provided with. BTW, I'm not talking about encryption codes. I'm talking about chip codes used on commercial direct sequence spread spectrum radios. One popular product only has 9 available codes to chose from. The purpose is not to provide security. The purpose is interference avoidance from other, identical radios.