KrakenSDR Direction Finding P25... is it possible?

[hruskacha]

The KrakenSDR is a phase-coherent SDR five RTL-SDRs inside. This allows for RF Direction Finding. I heard people say that accuracy under worst conditions is 20-50m. But not knowing what they mean by "worst conditions", I thought of something I think is nearly impossible, but would be a very interesting experiment... Can it track Public safety via Trunked P25?

So first things first... This might get sketchy, especially if it works, but I just want to explore the possibilities. I don't intend on any unlawful activities.

So Digital Trunked P25 Phase 1 works by using a control channel to give orders for listening radios to tune to a trunked frequency when their selected talkgroup is active. So by listening to this frequency and decoding it with either SDRTrunk, Unitrunker, DSDplus, or other software, we can then get the following information...
Radio ID of talking radio (must be identified already, look at RR wiki, or listen for yourself), Base Frequency ("repeated" signal from towers), Mobile Frequency (radio to tower frequency, short range).

With that basic info, KrakenSDR should have what it needs to do some direction finding. The KrakenSDR will use Control Channel info to listen for a target Radio ID on the Mobile Frequency if it is in range. It wont be perfect, but a highway patrol officer relaying speeding car info should be an ideal scenerio.

Things to consider... radio transmissions are usually short, under 4 seconds and they arent too frequent. So not only do we have to be close, but we have to be there at the right time.... So what if instead of a car mounted KrakenSDR, there were multiple fixed units across town and they work together, not only do you disperse the receiver for greater coverage, but you also can spread out the antennas for greater accuracy.

What do you guys think? would it work to some degree?

 

[dlnorth]

The KrakenSDR is a phase-coherent SDR five RTL-SDRs inside. This allows for RF Direction Finding. I heard people say that accuracy under worst conditions is 20-50m. But not knowing what they mean by "worst conditions", I thought of something I think is nearly impossible, but would be a very interesting experiment... Can it track Public safety via Trunked P25?

So first things first... This might get sketchy, especially if it works, but I just want to explore the possibilities. I don't intend on any unlawful activities.

So Digital Trunked P25 Phase 1 works by using a control channel to give orders for listening radios to tune to a trunked frequency when their selected talkgroup is active. So by listening to this frequency and decoding it with either SDRTrunk, Unitrunker, DSDplus, or other software, we can then get the following information...
Radio ID of talking radio (must be identified already, look at RR wiki, or listen for yourself), Base Frequency ("repeated" signal from towers), Mobile Frequency (radio to tower frequency, short range).

With that basic info, KrakenSDR should have what it needs to do some direction finding. The KrakenSDR will use Control Channel info to listen for a target Radio ID on the Mobile Frequency if it is in range. It wont be perfect, but a highway patrol officer relaying speeding car info should be an ideal scenerio.

Things to consider... radio transmissions are usually short, under 4 seconds and they arent too frequent. So not only do we have to be close, but we have to be there at the right time.... So what if instead of a car mounted KrakenSDR, there were multiple fixed units across town and they work together, not only do you disperse the receiver for greater coverage, but you also can spread out the antennas for greater accuracy.

What do you guys think? would it work to some degree?

I don't think it would work very well in your highway patrol scenario. Several problems come to mind, including one that you mentioned. Transmissions from the mobile radio would be short. It would likely take a lot of those short transmissions to DF the source. Mobile radios also don't put out the same kind of power as repeaters do, so you would have to be relatively close to the mobile radio while it was actually transmitting, and the mobile radios would be mobile, not stationary for extended periods of time. The TX frequency of that mobile radio would likely change with each TX. So I assume you would have to change Kraken's settings repeatedly to update the frequency you're monitoring. Speed traps are not static locations. In my area, they rotate quite frequently. A trooper might do two or three stops at one spot, then move to a new one and work that area for awhile. There are also "directed enforcement" details, where the trooper will have to sit at a list of predetermined locations for a certain amount of time, then move to the next, regardless of how many stops you make. Lastly, the location of the mobile transmission is almost certainly going to be somewhere other than where the highway patrol officer is monitoring speed. Once a speeding vehicle is detected, that officer would have to safely enter traffic, which isn't always the quickest and easiest thing to do. After that, the officer would need to catch up to the speeding vehicle and get close enough to call out the vehicle registration. Protocols vary from one jurisdiction to another, but some agencies don't actually call out the registration until the vehicle is being pulled over, which would delay the transmission even longer. Others will have the officer call out the registration as soon as it can be obtained so the vehicle and owner can be queried through various local, state, and federal databases. Regardless of policy, the location where the mobile transmissions are emanating from is likely to be some distance away from where the actual speed trap is. So, in short, I think you'd be better off investing in a good RADAR detector and/or use WAZE if you're looking to ID speed trap locations.

What I DO think would work on a P25 system is if you DF'd the control channel, rather than a mobile frequency. Depending on what you were trying to do, that may work. Some control channels rotate, while others are relatively constant. They should be very easy to ID and lock onto on smaller systems. Larger systems with a large number of rotating control channels should prove to be a bit more challenging, but I don't see that as a show-stopper. It would just take longer to DF the sources. You're not going to ID any speed trap locations, but you should, at least in theory, be able to ID the locations of P25 system towers. I think something like KrakenSDR could be useful for those who are interested in identifying unidentified tower locations. For example, I can pick up several control channels in federal bands that I haven't been able to identify. Knowing the locations of the P25 system repeaters would be very useful when trying to ID the system and local users. There are also a few federal systems that I can RX and ID, but I have no idea where their local towers are located. KrakenSDR would likely be useful in identifying those transmitter locations.

Another potential use for KrakenSDR that I have considered for a fairly local P25 system is creating my own RF coverage map. I've seen the maps provided by radio vendors. They're based on computer predictions, not actual drive testing. I would prefer to make my own coverage maps at times, so I know where a given radio system does or does not have coverage. One local repeater in particular is 5 miles from my house, but I'm unable to receive it. I have to drive to within a mile of the repeater to receive the control channel. I'd like to map out the actual RF footprint of that repeater so I know where I can and can't receive that signal. I think KrakenSDR would be a good tool to use for that task.

So, I think there are some potential P25 uses for Kraken, but I don't think it would be a good option for identifying speed trap locations. Having said that, my opinion is based on what I have read and videos I have watched rather than actual Kraken usage, so I could be completely wrong.

 

[dickie757]

I dont have enough time to write a wall of text, but check this project out:

GitHub - ckoval7/df-aggregator: Networked DFing software that can handle multiple DOA receivers.

Networked DFing software that can handle multiple DOA receivers. - ckoval7/df-aggregator

github.com

There might be more in a linux distro

 

[radiosniffer]

Does anyone have or used the KrakenRF lately to direction fine other signals? CB stations, etc etc?? Thinking of getting one if they are still an option.

 

[merlin]

DFing a site should work OK if you are in range, DFing like a talk group or UID the setup would have to track voice channels.
I know nothing about the KrakenSDR, but sounds interesting. Looks like it works a bit like Lo-Jack.
CB T-hunt dream.

 

[Project25_MASTR]

In theory the idea is plausible. At one point there was even a company that was advertising an AVL system for simulcast that worked off the principal of TDOA as part of their interference mitigation suite for TDOA.

Just keep in mind though one of the next things coming down the pipeline is fully encrypted control data due to some of the observed security issues of control data tracking that has been implemented by non-hobbist for nefarious purposes.

 

[Token]

The KrakenSDR is a phase-coherent SDR five RTL-SDRs inside. This allows for RF Direction Finding. I heard people say that accuracy under worst conditions is 20-50m. But not knowing what they mean by "worst conditions", I thought of something I think is nearly impossible, but would be a very interesting experiment... Can it track Public safety via Trunked P25?

I think you are blending / confusing / mixing a couple of concepts. RFDF and geolocation.

The KrakenSDR can do RFDF. And some of the associated software can do Geolocation, essentially via Synthetic Aperture. But, RFDF and geolocation are two different things.

All the Kraken provides is 1 dimensional direction of arrival (DOA). Yes it does it via a cool phased array type technology, but it is still just 1D DOA. A basic angle cut, saying the target is out there along this angle of bearing, at some unknown range. You cannot, generally, get location from this information (yeah, EIRPs and calculations, but lets not go there).

But, by moving the Kraken and taking another cut, you now have two different 1D angle cuts of the same target. Kind of like what you would have with 2 separate RFDF locations working together to triangulate the source. The two 1D angle cuts intersect someplace, that intersection is the location of the source, +/- all the errors and granularity of the system. The more samples you take (you generally do not do triangulation with only 2 RFDF sources), from more locations even though done with one physical Kraken, the greater the accuracy of the calculated location as the errors get smoothed out.

The Kraken DOA is more or less instant, minus processing time. That means that very, very, short transmissions can give you a valid DOA. With the Kraken I have managed valid DOAs while looking at sub 1 second transmissions.

But, the geolocation takes time. It can only occur as part of the process that establishes a baseline of positions and DOAs from each point along that baseline. The faster the motion of the Kraken platform (building a longer / larger baseline), the faster the geolocation will occur.

<<<<snip>>>>

With that basic info, KrakenSDR should have what it needs to do some direction finding. The KrakenSDR will use Control Channel info to listen for a target Radio ID on the Mobile Frequency if it is in range. It wont be perfect, but a highway patrol officer relaying speeding car info should be an ideal scenerio.

Yeah, not going to get into identifying individual units IDs and such, but that should be possible under current architectures. However, the Kraken software does not look at each signal in enough detail to individually plot DOAs and "target tracks" via ID.

So, could it be done with the Kraken hardware? I think almost certainly. But, the existing software could not do it (track multiple targets and process them individually).

Things to consider... radio transmissions are usually short, under 4 seconds and they arent too frequent. So not only do we have to be close, but we have to be there at the right time.... So what if instead of a car mounted KrakenSDR, there were multiple fixed units across town and they work together, not only do you disperse the receiver for greater coverage, but you also can spread out the antennas for greater accuracy.

What do you guys think? would it work to some degree?

Now you are, kinda, talking about something that is already working. Or at least being worked towards. Look at the Kraken Pro Cloud Mapper.

Take multiple different Krakens and seed them in a desired area of coverage. Each Kraken will give a DOA for each transmission detected. Those DOAs can be plotted, in software and near real time, and the intersection of each set of DOAs yield a point of source.

Sure, the current software does not look at information in the transmissions to correlate a given transmission or sets of transmission to one source, such as via unit ID. But, that would probably not be a difficult feature to add if that was actually a desired specification. That might require a separate SDR to do, i.e. the Kraken gives the DOA, time tags the data, and a separate SDR decodes the unit IDs, also time tagging the data. And then corelate the two sets of data.

So yeah, I think you could get there. No, you will not do it with the existing software suite.

But, if you are going to go to all that trouble, TDOA instead.

TDOA has the potential to give accurate 3D geolocation on a sub second transmissions, in near real time.

T!

 

[Token]

Does anyone have or used the KrakenRF lately to direction fine other signals? CB stations, etc etc?? Thinking of getting one if they are still an option.

Yes, I have used mine, often, for various signals. However, I have never used mine below 107 MHz.

There is no reason the Kraken cannot go below 107 Mhz, down to whatever the minimum tuned frequency is (I think it is 25 MHz, but not 100% sure). I would say, no actual measurements taken but based on playing around, that you could probably do ~25 MHz to ~1000 MHz pretty well, but only with multiple antenna layouts. My antenna array setups are optimized for 110 - 150 MHz and 400 - 450 MHz. I also have an antenna array setup for 243 MHz, but I have never actually used that.

I have used the Kraken a lot in 2 meters, for radiosondes in the 400 - 406 MHz range, for 70 cm, and a bit for FRS in the 462 MHz area.

T!