Introduction of

USRP and Demos

by Dong Han & Rui Zhu

Introduction

• USRP(Universal Software Radio Peripheral ):

A computer-hosted software radio, which

is commonly used by research labs,

universities.

Motherboard + Daughterboard

Introduction

USRP(Universal Software Radio Peripheral ):A RF frontend, FPGA and an OMAP 3, which includes an ARM

processor and a DSP. This allows standalone operation for

embedded applications. A modular design allows the USRP E100 to

operate from DC to 6 GHz.

Daughterboard: WBX 50-2200 MHz Rx/Tx

• The WBX is a wide bandwidth transceiver.

• It is ideal for applications requiring access to a number of different

bands within its range - 50 MHz to 2.2 GHz.

• Example application areas: land-mobile communications, maritime

and aviation band radios; cell phone base stations, PCS and GSM

multi-band radios; wireless sensor networks; broadcast TV.

The USRP hardware driver (UHD)

• The USRP hardware driver (UHD) is the device driver for

use with the USRP product family.

• Support : Linux, MacOS, and Windows platforms.

• Several frameworks including GNU Radio, LabVIEW and

Simulink use UHD.

Software frameworks that support UHD

• GNU RadioGNU Radio is an open source toolkit that can be used to develop

software-defined radios. This framework uses a combination of C++

and Python to optimize DSP performance while providing an easy-

to-use application programming environment.

• LabVIEW

• MATLAB and Simulink

• Custom and/or proprietary frameworks

Dome 1

Demo 1- FM Receiver

• Background

FM stands for frequency modulation, which is the process of

encoding a message signal, such as music, in the frequency of an

RF signal. Broadcast FM radio around the world is typically

transmitted using center frequencies from 87.5 MHz to 108 MHz,

and each station is generally allocated a bandwidth of 200 kHz. For

this example, use the center frequency of 106.7 MHz, the known

location of a local radio station near the center of the US FM band.

Demo 1- FM Receiver

Demo 1- FM Receiver

Demo 2

Demo 2 - GSM Base station

• Background---- GSM (Global System for Mobile

Communications), is a standard set

developed by the European

Telecommunications Standards

Institute (ETSI) to describe protocols for

second generation (2G) digital cellular

networks used by mobile phones.

---- The base station contains the equipment

for transmitting and receiving signals

(transceivers), antennas, and equipment

for encrypting and decrypting

communications with the base station

controller (BSC).

Demo 2 - GSM Base station

• Structure of the mobile phone cellular network

Demo 2 - GSM Base station

• OpenBTS (Open Base Transceiver Station)

---OpenBTS is a software-based GSM access point, allowing

standard GSM-compatible mobile phones to be used.

---This project uses the USRP to present a GSM air interface to

a standard GSM handset. It’s an open-source Unix application.

Demo 2 - GSM Base station

• Hardware

Demo 2 - GSM Base station

• OpenBTS: modulation and

demodulation. Assign a channel

for every communication.

• Asterisk: play the roles of MSC. If

two communicators are in the

same OpenBTS network, build

the communication links.

Otherwise, access the VoIP

gateway to connect to the PSTN.

• MySQL: Replace the HLR（Home Location Register）and

the VLR（Visitor Location

Register）

Demo 2 - GSM Base station

Demo 2 - GSM Base station

• Official website of OpenBTS

http://wush.net/trac/rangepublic

Demo 3

Demo 3- Simulation of Wireless

Outlet Controller

• Background

– A wireless outlet is controlled remotely by a

controller. The controller uses 315 MHz

carrier signal sending information to outlet.

• Our aim and method

– Our aim is to use USRP to control a remote

outlet, that is to simulate a real controller.

– We try to use USRP to sniff the signal. Then

we analysis the signal and use USRP to

replay it.

Signal Collection (1)

• Generally, to simulate the behavior of controller, to get the signal that controls an outlet. We have two method.– One is to get signal from microcontroller. We can use

oscilloscope to get signal sequence, which is composed by high voltage and low level voltage to define 1 and 0, respectively .

– The second method is that we can sense the signature in air by collecting radio frequency.

• In the demo, we use the second way by utilizing USRP device and GNU Radio software to collect, analyze and replay the signal.

Signal Collection (2)

GNU Radio

Controller USRP

Collected Signal

GNU Radio Modules

Collected SignalThe signal that is collected by pressing the first turn on button.

From the shape of the signal, we make an assumption that binary sequence

from Microcontroller in controller is modulated by OOK (On-off keying)

modulation.

On-off keying (OOK) the simplest form of amplitude-shift keying modulation

that represents digital Data as the presence or absence of a carrier wave.

Signal Analysis

0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0

Signal Analysis

0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0

Binary sequence

Binary sequence for Turn ON

Binary sequence for Turn OFF

0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0

0 1 1 0 1 0 0 0 0 1 0 0 0 0 0 0

Final step

USRP

0110100010000000

GNU Radio

Wireless Outlet

Conclusion

• It is a very simple reverse engineering. We use USRP and GNR Radio to collect signal.

• Then we analysis the signal, and use a binary sequence to represent the signal.

• After that, we use USRP and GNU Radio to send similar signal. And the outlet is controlled by our signal.

• This method can be widely used in many scenarios. For example, some typical cases are garage gate remote opener, car gate controller, wireless toy controller, etc.

• USRP can be widely used in RF design area.