RF Testing Methodology

www.nccgroup.com

Download as .zip Download as .tar.gz View on GitHub

Developing an FSK transmitter step-by-step

If you have captured some data from a target system using a receiver and you now wish to modify that data and re-transmit it (for example if you are developing an RF-based fuzzer) the following process can be followed. This transmitter is assumed to use FSK modulation (this example is actually a transmitter developed for the io-homecontrol protocol)

Data source

The assumption is that you start with a data file containing the binary data bytes you want to send

Create a new flow-graph and set the "samp_rate_tx" variable to 4e6

Add a "File Source" block and set the file to be your data file. Ensure that "Repeat" is set to "No" (unless you specifically want it to repeat)

Set the Baud rate

Having received the data, you should already know what the Baud rate should be set to. Add a new "Variable" block called "baud_rate" and set it to the correct value.

Modulation

Add a new "Variable" called "sps" (samples per symbol) and set it's value to be 10

Change the default "samp_rate" "Variable" block to 384000 (10 x Baud rate, as we want 10 samples per symbol)

Add a "GFSK Mod" block, which will modulate the data using FSK. Configure the following settings:

Your flow-graph should now look like this:

Resampling

We now need to match the sample rate of the data with the transmitter (as it is the final sample rate of the transmitter that will actually determine the rate that the data is transmitted).

Add a "Rational Resampler" block with the following settings:

Adjust the signal level

We don't want to overload the input to the transmitter so we need to attenuate (reduce) the signal level.

Add a "Multiply Const" block and set "Constant" to be 0.8

Configure the transmitter

We are now ready to transmit the signal.

Add a "Variable" block with the name "freq" and value equal to the transmit frequency:

Add an "osmocom Sink" block with the following settings:

The complete transmitter flow-graph should now look like this:

Communicating with the transmitter in real-time

Rather than using a file as a source you can use a "TCP Sink" block, bind it to a socket and send it data via TCP