Updated Home (markdown)

master
proto17 2022-04-11 23:03:00 -04:00
parent 690e64c1c0
commit c2aed65bed
1 changed file with 23 additions and 1 deletion

24
Home.md

@ -9,7 +9,29 @@ Below are the overall steps taken:
- OFDM symbol extraction
- Scrambler generation and application
# Information Known Ahead of Time
There were some very important parameters that were known going in:
- Occupied bandwidth: ~ 10 MHz
- Modulation type: OFDM
- Burst duration: Very short (no actual number initially, just that it was only a few OFDM symbols)
It was also known that the signal looked a lot like LTE, and used some LTE features. What that ended up meaning is that the actual signal bandwidth was 15.36 MHz (LTE downlink signals with an occupied bandwidth of 10 MHz are actually 15.36 MHz wide [1].)
[1] https://www.rfwireless-world.com/Terminology/LTE-bandwidth-vs-sampling-frequency-vs-resource-block.html
# Signal Collection
I used a DJI Mini 2 for my analysis. Please keep in mind that not all drone models or firmware versions are always going to generate the same signal structure!
Once the drone was registered and powered on, I used GNU Radio with gr-fosphor to hunt for the Drone ID signal. I knew ahead of time that it was a 10 MHz wide signal that came from the drone. To help keep the signals from the controller from confusing me I placed the SDR next to the drone with the gain low, and the controller in another room.
Once the drone was registered and powered on, I used GNU Radio with gr-fosphor to hunt for the Drone ID signal. I knew ahead of time that it was a 10 MHz wide signal that came from the drone. To help keep the signals from the controller from confusing me I placed the SDR next to the drone with the gain low, and the controller in another room. Then I scrolled through 2.4 and 5.8 GHz looking for signals that were 10 MHz wide and bursty.
What I found from that was that there were a handful of frequencies that matched the description:
- 2.4595 GHz
- 2.4445 GHz
- 2.4295 GHz
- 2.4149 GHz
- 2.3995 GHz
This is likely not an exhaustive list, and I've heard that some drones also send DroneID in 5.8 GHz.
One issue with recording Drone ID is that it transmits very infrequently (about every 640 milliseconds), and hops around from frequency to frequency (see the list above). So, if you want to capture bursts you might have to record for several minutes, which at a sampling rate of 15.36 MSPS (more on this later) is 61.44 MBytes per second for complex shorts, or 128.88 MBytes per second for floats.
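Review bot: The float data rate in the last added line, "128.88 MBytes per second", does not follow from the stated sampling rate. 15.36 MSPS at 8 bytes per complex float sample (two 32-bit floats) is 122.88 MBytes per second, so suggest changing the figure to 122.88; the 61.44 figure for complex shorts at 4 bytes per sample is consistent. In the frequency list, 2.4149 GHz is the only entry that breaks the 15 MHz spacing of the others (the neighbours 2.4295 and 2.3995 would put it at 2.4145 GHz), so it is worth checking that value against the recording. The sentence calling 15.36 MHz the "actual signal bandwidth" would also read more precisely as the sampling rate, since the occupied bandwidth is given as ~10 MHz a few lines earlier and the last line itself uses 15.36 MSPS as a sampling rate.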