toughbunny

- Any parabolic-shaped metallic structure with gaps between elements of less than 1cm will work; the bigger the overall shape the better. Make it a 25m dish and reach the moon, literally.

- Down-converters use active components in the process, so they always require some sort of power. For MMDS, they get their power from the receiver STB unit when normally used for digital TV.

- Servos, hmm, what to say: you don't really need a tutorial on that. With a USB servo driver you just have to tell the servo the position it should move to; a 180-degree servo will be at 0 degrees with a value of 0 and at 180 degrees with a value of 1024... How they work doesn't matter, let's assume it's magic for now.

- Regarding bandwidth, well, a downconverter will not lose information; it's just the carrier that changes, so instead of having your signal traveling on a 2.4GHz carrier it travels on a 900MHz carrier. However, to represent the same information on a 900MHz carrier you need more bandwidth, so a 20MHz bandwidth on a 2.4GHz carrier will take about 60MHz on a 900MHz carrier. The biggest problem is the SDR, which is capable of tuning to only 2.5MHz of bandwidth at a time, but that's enough to grab a MAC address off the header of a frame, though not a full frame.

Again, if your goal is truly to sniff WiFi devices, then a dual WiFi radio with a directional antenna is WAY WAY WAY simpler and cheaper...

Edited by madhak

Hi,

As I mentioned in the first post, my goal is more to learn about radio in a fun way than triangulating wifi devices in the most efficient way possible. This is why I am reluctant to move away from the sdr and the downconverters and such. Also, if I do it with the radio antenna instead of a USB wifi adapter, I can use the same apparatus with slight modifications (I hope) to triangulate other things than wifi devices (not sure what). Furthermore, one goal of the project is to have decently long range, and I think a grid antenna would achieve this better than a colander (would it, actually? It seems intuitive that it would, but you know better). This is why I have been clinging to the complicated radio stuff, and I'm sorry if it seems like I have been systematically rejecting your suggestions.

Here is my question: is a power injector something DIY-able, or is there no alternative to paying 100 bucks for it?

Thank you!

Hi,

I would still love to know whether the power injector is DIY-able, because that would be more fun, but I did some research and found this little thing ( http://m.aliexpress.com/item/670968406.html?tracelog=wwwdetail2mobilesitedetail ) for around $9 including shipping! Also, check this out if you are interested ( http://blog.cyberexplorer.me/2014/01/sniffing-and-decoding-nrf24l01-and.html?m=1 ) , it basically has exactly what I was looking for, which is a list of all the parts except for the antenna for cheap. I actually have a question about the reflector: could I use a cheap colander or sieve along with the mmds from aliexpress as a reflector? How long a range would I get with this?

Thank you!

Very interesting links you're providing here.

Regarding the reflector, as you know the existing dipole antenna on your downconverter is omnidirectional. Adding a dish of sorts will make it directional so as long as you point it the right way you get better range. How much better is something you're going to just have to discover. I can think of a few cheap options for getting the dish:

1. The colander. I'm mentioning it once again because it's really cheap. Try to get the center of the cup level with the rim of the colander (assuming the "half a ball" shape), which means that the colander will get glued onto the downconverter about halfway through.

2. A cheap wok. Remove the handle. Keep an eye on the curvature of the wok as you still want the 'focal point' if you will of the wok to align with that cup shape of the downconverter. The rounder the better, but a flattened bottom shouldn't hurt all that much.

3. Buy some chicken fencing material. Make sure the gaps are under 1cm like Madhak said before. Try to bend and fold it into a parabola shape with, again, the focal point of the shape aimed at the cup of the downconverter. If you feel the gaps are too large you can always layer the shape with foil.

4. As above, but create the shape with paper mache. No, I'm not kidding. It'll obviously not work well in an outdoor setting for very long, but it's really cheap and easy to do. Maybe you can borrow a dish somewhere, use paper mache to make a mold for the shape, coat it with foil, slather some more paper mache off it and hey presto!

Whatever you do, post photographs!

You can always try the dump or some recycling place to see if they have a discarded one... I noticed one at a dump site a month or so ago but it was made out of (presumably coated) 10cm thick concrete (at least at the perimeter) and about 3 meters in diameter so it didn't rest safely on my bicycle.

Hi Swaggie, that's an interesting link you got there. Sorry if I kept insisting about the dual WiFi antenna setup, I assumed you were focused on the end result more than the learning experiment itself... If you want to learn RF please do, it's a fascinating world, but I feel you still have a lot to learn before tackling such a project.

First you have to understand how radio frequency works. A good analogy I like to use is water waves: RF is essentially waves, so once you understand that concept you will be able to visualize the type of antenna you need. The way a parabolic antenna works can be easily visualized in a pool: when you hit the water, it will make waves; when the waves hit the curved side of the pool they will bounce and converge at a specific point. At the convergence point the wave will be higher than anywhere else. That's what parabolic antennas do: they take a faint wave and focus it at a narrow point so it's easier to extract the information the wave contains, because it stands out more than the background noise, which can be visualized as all the little random waves that wander around the pool...

So essentially you want to have a dish as big as possible to capture as much of the faint signal as possible, the larger the better. The reason grid antennas work is that radio frequencies have a much larger wavelength than visible light: while visible light can pass through the space between the grid, RF can't, and as far as it is concerned it's a solid surface as long as the spacing of the mesh is smaller than the wavelength.

Wavelength: the lower the frequency, the longer the wavelength. This is also why an FM radio antenna is much longer than a WiFi antenna. Wavelength is the distance between each peak of the wave. You can only carry information on those peaks, so the more peaks you have the more bandwidth you have: higher frequency = more bandwidth = more information.

So for each different frequency you want to monitor you will need a different antenna. If you go to higher frequencies like 5.8GHz and above, your dish reflector will need to be more opaque, because you are getting closer to visible light. For example, a satellite TV dish is solid, because it works at 20GHz; if it were a grid the holes would need to be very small. The only reason they use grid antennas when possible is that they have better resistance to wind. You can use a 20GHz parabolic dish to capture lower frequencies but not the inverse.

Now about distance: there's no such thing as distance in RF, only dB, because the distance will depend on the transmitting power, attenuation (mountains, buildings, Fresnel) and background noise (interference). In the best case scenario, distance is equal to the square root of the ERP (effective radiated power), which is a composite of power and gain. That's why it's much easier to talk in dB, where for every 3 dB you double the distance... But again, that distance is relative here, not absolute, so we can't talk in meters, just in dB... dBi are different from dB: dB is how strong the signal is, dBi is how much the signal is focused... Note that strong (dB) is not equal to loud (W). W makes it loud, but just because you turn the volume up doesn't always mean you will hear better, just like a speakerphone doesn't make the conversation better, sometimes even worse. That's why boosters are not so effective.

I could probably go on forever and end up writing a book lol but here are a few links to get you going:

First, study the HAM resources: http://www.qsl.net/aa0ni/toc.html

Also, understand the spectrum: http://en.wikipedia.org/wiki/Electromagnetic_spectrum

Then antenna theory: http://www.antenna-theory.com/

More RF stuff: https://www.youtube.com/results?search_query=how+radio+wave+work

Understand what is a Photon: https://www.youtube.com/watch?v=aAcDM2ypBfE

After that maybe a bit of quantum physics, at least the basic stuff: what is a field, photon, electron. YouTube has a lot of visual explanations.

If you have any specific question I will be happy to help you.

Edited by madhak
  • 3 weeks later...

Hi again,

Sorry about the long silence. I have read the material you advised, and believe I have grasped the basics. I am now wondering about the separation (in distance) that the two antennae would have to have between them in order to have reasonable accuracy. Oh and I feel stupid asking, but I've been assuming I would just use generic coaxial cable to link the components? I was also wondering if free 3D maps exist for purposes of 3D triangulation, and how 3D coordinates would work, geographically, and also if there is a way to get a 3D plan of a building to see, for instance, what floor a building is on. I'm also sorry to say that I have little experience with the software part (maybe I should bring this part elsewhere?), but madhak you said you were working on something similar, so maybe you have some pointers?

Thanks!

P.S. I am still stuck on the reflector, but I think I can make something reasonably good out of chicken fence and balsa wood. The problem is that I think the largish balsa wood frame that is necessary would get in the way of the rotation of the antenna (still not quite sure about that part either), would be quite bulky, and might be too light for the antenna itself, which looks rather heavy.

Kudos on starting a truly fascinating topic. I'll let madhak answer as this is all way, WAY out of my league. The only thing I'm fairly certain about is that you would want good quality, low-loss coax and yes, that is a link to the wikipedia page of coaxial cable, but it has a nice table showing the types of coax and their properties. Particularly the comments field describing the loss on various levels of LMR should be to your liking.

Fact is, good cable costs money, but it'll be worth it if you want to get a decent signal across.

Ok hi again,

I just wanted to say I did a little more research and updated my materials list, I'm taking this mmds: http://www.aliexpress.com/item/Best-Selling-MMDS-Down-Converter-L-O-1998Mhz/1651236048.html instead of the other because I'm currently in France and the shipping cost to France for the other one is 50 bucks. I also found this chart: http://www.universal-radio.com/catalog/cable/coax.html showing different coax cables, and I thought the rg123 looked nice ($13.35 for 15 feet, is that about the length I need?).

Thanks for the help!

Sounds decent but the LMR-400 cable I would also consider worthy of consideration. It's got 40% the attenuation of the RG-213 which I think is what you want.

How long a chunk of cable you need is very much dependent on your setup. It's just the cable to connect 2 components. How far apart should they be? That's the minimum needed length I guess.

Hi again,

About the antenna separation distance: well, the further apart they are the better, but it's really just a matter of how precisely you can calculate the angle. For example, our eyes are capable of evaluating the distance of anything at less than 100m, yet they are spaced less than 10mm apart; for everything further away it is difficult to assess the distance. If you increase the separation distance you can calculate greater distances.

Regarding 3D maps, I plan to use Google Maps. Most of the buildings in Montreal are mapped in 3D, but for my application I'm only interested in the 2D plot.

Cables are the biggest killer here. Keep them short, put the receiver unit as close as possible to the antenna and run USB cable instead of coax... I usually put a 10" patch from the antenna to the RX or DX, then I run longer cable from the processed signal to the computer. I like this one: http://www.dpcav.com/xcart/SMA-to-SMA-Patch-Cable-Semi-Rigid-RG-402-Coax.html

Regarding my own project well it started with this, cost me about 2K...

http://madhak.com/?p=499

I abandoned the project after testing the 1st units. I was getting good results, but it's very complicated, bulky, heavy and expensive, so I went another route.

http://madhak.com/?p=931

This one cost about 500$ and I can make 4 for the price of a tracker.

My main goal is to plot a heat-map of the RF spectrum across different bands and times to find paths where I can maximize the operation of a drone. I found that my range varies greatly depending on the location and time of day, so with this tool I'll be able to plan my path in order to maximize the RF range while staying at low-energy RF. I do have huge boosters that can go hundreds of kilometers, but I have a feeling that the CRTC (Canadian equivalent of FCC) will be knocking at my door soon, so staying at 100mW is my goal; to do that I need distributed relays and an RF site survey.

Edited by madhak
Hi,

I did some thinking about the software part (please tell me if I should take this elsewhere, I don't want to be a nuisance) and this is what I think I want it to do: First scan for SSIDs in the 2.4GHz range, so I know what is available to triangulate. Then analyze the signal from the SDR, decode probably with GNU Radio, and say every 10th of a second pick out the signal and signal intensity originating from a certain preset device (SSID), then store all the information and go through it to pick out the reading where the signal is strongest. It would then (I guess based on the time at which the strongest signal was recorded relative to the beginning of taking all the readings, assuming the servos are set to move the same way every time) take the servo coordinates (if such a thing exists) from the point at which the strong signal was recorded and turn them into geographical directional coordinates on a map. It would do the same thing on the other side with the other antenna, and draw different direction coordinates on the same map. I guess it would calculate the linear equation based on a north axis and a west axis and solve for the point of intersection.

Unfortunately, I really have either no idea or a very foggy notion of how to do this, sorry if I made myself out otherwise. Any advice? This, I think, is going to turn out to be the trickiest part, because I really am completely in the dark on this one.

Thank you so much!

Oh nonononono! You're staying riiiiiiiiiiiiiiight here. :-)

Except for maybe Madhak I think we're all winging it here and I donno about you but I'm loving this whole discovery process. First question is if it's really SSIDs you want to be scanning for since only APs send those out and they tend to be fixed. The original goal was to track people by their cell phone IIRC. So you would have a regular wifi card monitor the 2.4GHz spectrum looking for cells calling out for any APs they know about. Running parallel with this you should have those two big things you found to pull the signal into the SDR's workable spectrum so it can receive it too. The two SDRs can then assess the signal strength. With this you have a fairly unique set of SSIDs known to a cell that you can use to identify said cell, and you have 2 signal receivers that tell you how strong the signal they saw at that point was. By initially doing a bit of calibrating using just your own cell within range of this setup, you should have an idea of the distance between a receiver relative to the power of the signal, so you can effectively draw a circle on a map around your receiver and say that, going by that receiver, the cell should be somewhere on that circle. Do the same with the other receiver and you should now have 2 circles on a map that intersect at 2 possible places. That's where your cell is at.

If you set things up against a wall or your receivers are directional and both pointing in the same direction, you should only draw half a circle for each receiver, have just 1 intersecting point and that's where your target cell will be.

Does that make sense?

Link to comment
Share on other sites
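
The two-circle approach from the post above, as an added example that is not part of the original thread. It assumes a log-distance path-loss model (an assumption of this example; the post only says to calibrate with your own phone), fits that model to calibration readings, and intersects the two range circles, keeping only the point in front of the receivers when a facing direction is given. All names, coordinates and readings are constructed.

```python
import math

# Constructed calibration readings: (distance in metres, RSSI in dBm), taken
# with your own device at known distances from one receiver.
CALIBRATION = [(1.0, -40.0), (10.0, -65.0), (100.0, -90.0)]


def fit_path_loss(calibration):
    """Least-squares fit of rssi = rssi_1m - 10*n*log10(d).

    The log-distance model is an assumption of this example.
    Returns (rssi_1m, n).
    """
    xs = [math.log10(d) for d, _ in calibration]
    ys = [rssi for _, rssi in calibration]
    x_mean, y_mean = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - x_mean) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("need readings at two or more different distances")
    slope = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, ys)) / sxx
    return y_mean - slope * x_mean, -slope / 10.0


def estimate_distance(rssi_dbm, rssi_1m, n):
    """Invert the model: radius of the circle the transmitter sits on."""
    return 10 ** ((rssi_1m - rssi_dbm) / (10.0 * n))


def circle_intersections(c1, r1, c2, r2):
    """Return 0, 1 or 2 (x, y) points where the two range circles meet."""
    dx, dy = c2[0] - c1[0], c2[1] - c1[1]
    d = math.hypot(dx, dy)
    # Noisy readings often give circles that miss each other or nest.
    if d == 0 or d > r1 + r2 or d < abs(r1 - r2):
        return []
    a = (r1 * r1 - r2 * r2 + d * d) / (2 * d)  # c1 to chord midpoint
    h = math.sqrt(max(r1 * r1 - a * a, 0.0))   # half the chord length
    mx, my = c1[0] + a * dx / d, c1[1] + a * dy / d
    points = [(mx - h * dy / d, my + h * dx / d)]
    if h > 0:
        points.append((mx + h * dy / d, my - h * dx / d))
    return points


def locate(rx1, rssi1, rx2, rssi2, model, facing=None):
    """Candidate positions from two stationary receivers.

    facing is an optional (x, y) direction both receivers look in (the
    "against a wall" case); candidates behind rx1 are discarded.
    """
    rssi_1m, n = model
    points = circle_intersections(
        rx1, estimate_distance(rssi1, rssi_1m, n),
        rx2, estimate_distance(rssi2, rssi_1m, n))
    if facing is not None:
        points = [p for p in points
                  if (p[0] - rx1[0]) * facing[0]
                  + (p[1] - rx1[1]) * facing[1] > 0]
    return points


if __name__ == "__main__":
    model = fit_path_loss(CALIBRATION)
    # Receivers 60 m apart, both hearing the transmitter at about -82.5 dBm.
    print(locate((0.0, 0.0), -82.47, (60.0, 0.0), -82.47, model,
                 facing=(0.0, 1.0)))
```

An empty result means the two distance estimates are inconsistent with the receiver spacing, which is the usual outcome when attenuation or reflections skew one reading.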

Hi,

A few questions. Would it be easier to do this with MAC address instead of SSID, because I believe the cells send these out, so I wouldn't have to go through an AP. Also, how would I assess the signal strength? Wouldn't a regular wifi card just scan the network I'm currently connected to? Is it necessary to do this with circles, if I try with MAC addresses, or could I not just draw a line towards where the signal is strongest? How would I filter the brute radio signals by MAC address 10 times a second in this case, I don't believe I could decode them that fast. And finally, would I actually have to take a physical map and pencil and draw two circles or lines, or is there some way of composing scripts that would automate this?

Thanks!

If there's a MAC address in there, definitely go for that.

Assess signal strength - not a clue. You'll need to get some readings in and look at the data. That does imply there's a chance you will NOT see something that can be considered signal strength in which case it's been a lot of fussing for naught.

Drawing a line towards is easier, but it means your antenna will have to be moving like in a radar dome and find out at what angle the signal is strongest. Problem is also that the signal comes in in bursts rather than continuous so that makes it harder to do this - you could've overshot your target in between 2 packet transmissions. By going with the circles your receivers can be stationary and scan continuously rather than trying to chase a signal to assess the direction where it's the most potent.

Performance - you monitor and see a burst of someone screaming for his APs. When there isn't any other traffic (and this is the caveat) you will have this chunk of traffic isolated and you'd be good to go. It would be SO much easier if a wifi adapter in monitor mode would include signal strength on a received signal...

I'm certain this drawing and composing can be done with a little math to find the exact position allowing you to provide a point to Google Maps. This is actually the easy part.

Don't forget your environment is going to mess with the signals a bit. Trees, hills, water, buildings all affect the signals you receive. Trees and vegetation will attenuate the signal (make it look farther away), buildings and bodies of water will bounce the signal (false direction). Also the current weather will change the signal.

Hi,

I think I could find a way around the problem of phones looking for APs in bursts if I knew how often it sends out a request, then adjusted the servo speed to that. The way I see it, I think it would be a lot more straightforward to do it with the lines instead of the circles, because not only would I only have one possible location, but I also wouldn't have to work around all this environment attenuation stuff, as I wouldn't need to estimate the distance to the target but just where the strongest signal from it is from. Please correct me if I'm wrong. Software-wise, there is one major thing I really have no idea how to do, which is filtering out the results by MAC address. Also, if you have any specific pointers or reference links in general about composing this software, that would be incredibly helpful, because I am really getting scared by this part. Just for the mapping, I imagine I would use Google Earth, but apart from that... I was also wondering if a Raspberry Pi could be the computer attached to the whole setup (I'm guessing not, I think I would need way more CPU for the SDR decoding, but thought I'd ask.) About the antennas, do you think I could cut the downconverters off the two MMDS and attach them to two DIY yagis instead? This way I wouldn't have to screw around with reflectors and stuff, making it a lot more compact and more portable and rotate-able and easier and prettier.

Thanks so much!

Hi again,

This is probably useless but I was just reading over my last comment and realizing how many mistakes there are so sorry about that. I wrote it late at night from my phone so I wasn't totally lucid at the time.

Sorry again!

  • 3 weeks later...

Hi again,

While I'm waiting for the two SDRs to ship from dealextreme (from what I can tell it takes a REALLY long time. Anybody have any experience with them?) I was going over what I need a bit and have decided on a few main obstacles. The antenna would obviously have to be highly directional and have really good range. Does anybody know how to make a really durable yagi (I think that would do the job) that meets these criteria and works on 2.4GHz? I am assuming I can chop the downconverters off the two aliexpress dipoles and use them on other antennae (do you think this would work?). As far as software goes, I have a notion of what I want it to do (pick up highest signal intensity from given device, triangulate it, get coordinates of point of intersection, map) but how to write this I do not know (sorry if I repeat myself). Any pointers on how or where I can find how to write this? There are also a few questions of practicality. Would it be possible to program the servos to track the signal (of course not directly, but by connecting the controller to some program I have no idea how to write) once it locks on to it? This way I could triangulate moving things as well as stationary ones. Also, I saw in one of your (madhak) projects that you have two antennae mounted on one tripod. Would this be possible with my project? Or would the accuracy not be great enough or the rotating antennae would get in the way of each other? Also, I thought it would be cool to have the computer used be a Raspberry Pi, this way I could just put everything on the tripod(s) and not have a bulky laptop in the way. Is the CPU powerful enough? Are there other worries about that?

Thanks so much for all the helpful responses so far!

P.S. You may have noticed I changed my name from swaggie to toughbunny. I'm not sure if it's much of an improvement, but this way I'm not part of the swag/YOLO movement which I try to keep out of. Anyway, it's still the same me!

Got some experience. DX in general has same-day shipping but the actual delivery in general takes about 3 to 4 weeks. In case of a LiPo battery and charger I've been waiting for 5 weeks now and I've been told that it can take up to 6 weeks to get here, probably due to the hazard that a LiPo battery poses and thus they need to ship via another route (my own assumption). Yes, I'm still waiting.

A durable, high-gain DIY yagi is the yagi in a can by Andrew McNeil. It's on youtube and probably also as an instructable. Requires a nice, straight can (he's using a toilet brush holder), some plexi, a roll of thin copper tape (used to make guitar amps), an SMA connector and some good quality coax. You'll also need the print of a template, probably a ruler, two chunks of wire as long as your plexi is wide and something to isolate the sma connector from the can - he used a plastic grommet. Finally a plastic cover plate to close the can up. In parts this antenna can probably be made for roughly 10-20 bucks and an hour or 2 of your time.

I thought he was using an Ikea toilet brush holder (the cheapest, white things they sell) so I got me 2 of those but it seems that the one he got has a sealed metal bottom whereas the current model is open at the bottom. The 'lid' of the can is WAY wide - the diameter is anywhere from 5 to 10 mm wider than the diameter of the can itself. What I intend to attempt is to just dremel off the excess and solder it shut. Because of the hole in the lid (intended for the brush's stick to poke through) you already have the opening for the SMA connector and your problem is going to be how to close it up as it's also way wider than the SMA connector.

No idea how hard or even possible it is to detach the dipole. If you take into account the drawing where they had the dipole as the receiver and the other side was attached to a dish, it might be worth while to create your own dish. We discussed this before but I don't know what your feelings by now have become on this subject. The dipole, used in conjunction with a dish, makes for a VERY good and directional antenna I've been told. Google Wok-Fi for some similar examples.

How to write - just go one step at a time. First order of business is to get the hardware. Next comes signal intensity detection. Then there's the moving about of your antenna (hardware to make it move, decide on the speed of movement, etc). And then there's determining the actual angle your antenna is now under when you measure a signal. At this point you have all the info to be able to draw a straight line on a map starting at the exact location of your antenna and moving in the direction of the signal. Somewhere on that line the source will be. Repeat for the other side and you can now draw 2 lines. With a little math we can determine their point of intersection. Do things in that order and don't worry about the next step just yet. It's all just a bit of logic - we'll work it out no biggie. After that comes another hard one - identifying multiple unique signals. The feasibility of that depends on the signal you actually receive and if we can process it in some way, or if we should just consider it a 'blip'.

P.S.: Had to look up the word (?) 'yoloswag' and got a giggle out of the second explanation.

Edited by Cooper
Link to comment
Share on other sites
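
The "two lines and a little math" step from the post above, as an added example that is not part of the original thread. It picks the servo position with the strongest reading for one MAC address from each antenna's sweep, converts it to a compass bearing using the 0 to 1024 servo mapping given at the top of the thread, and intersects the two bearing lines. The station dictionaries, headings, MAC addresses and sweep rows are constructed assumptions.

```python
import math

EARTH_RADIUS_M = 6371000.0
TARGET = "02:00:00:00:00:01"  # constructed MAC address
# Constructed sweep rows: (servo_value, mac, rssi_dbm). Positions where no
# frame was heard simply have no row, since transmissions come in bursts.
SWEEP_A = [(0, TARGET, -88), (128, TARGET, -80), (256, TARGET, -71),
           (256, "02:00:00:00:00:02", -50), (384, TARGET, -79)]
SWEEP_B = [(128, TARGET, -83), (256, TARGET, -72), (512, TARGET, -90)]


def to_local(origin, point):
    """(lat, lon) -> (east_m, north_m) from origin. Flat-earth approximation,
    adequate for antenna baselines of a few hundred metres."""
    lat0, lon0 = map(math.radians, origin)
    lat, lon = map(math.radians, point)
    return ((lon - lon0) * math.cos(lat0) * EARTH_RADIUS_M,
            (lat - lat0) * EARTH_RADIUS_M)


def to_latlon(origin, east_m, north_m):
    """Inverse of to_local."""
    lat0, lon0 = map(math.radians, origin)
    return (math.degrees(lat0 + north_m / EARTH_RADIUS_M),
            math.degrees(lon0 + east_m / (EARTH_RADIUS_M * math.cos(lat0))))


def servo_to_bearing(servo_value, heading_deg):
    """Servo 0..1024 maps to 0..180 degrees. heading_deg is the compass
    bearing the antenna points at with the servo at 0 (assumed measured)."""
    return (heading_deg + servo_value * 180.0 / 1024.0) % 360.0


def peak_bearing(sweep, mac, heading_deg):
    """Bearing of the strongest reading for mac, or None if never heard."""
    hits = [(rssi, servo) for servo, seen, rssi in sweep
            if seen.lower() == mac.lower()]
    if not hits:
        return None
    _, servo = max(hits)
    return servo_to_bearing(servo, heading_deg)


def ray_intersection(pa, brg_a, pb, brg_b, min_cross_deg=10.0):
    """Intersect two bearing rays given in local (east, north) metres.
    Returns None when the rays are nearly parallel (tiny angle errors would
    move the fix a long way) or when they only meet behind an antenna."""
    da = (math.sin(math.radians(brg_a)), math.cos(math.radians(brg_a)))
    db = (math.sin(math.radians(brg_b)), math.cos(math.radians(brg_b)))
    cross = da[0] * db[1] - da[1] * db[0]
    if abs(cross) < math.sin(math.radians(min_cross_deg)):
        return None
    rx, ry = pb[0] - pa[0], pb[1] - pa[1]
    t = (rx * db[1] - ry * db[0]) / cross  # distance along ray A
    u = (rx * da[1] - ry * da[0]) / cross  # distance along ray B
    if t < 0 or u < 0:
        return None
    return (pa[0] + t * da[0], pa[1] + t * da[1])


def locate(station_a, sweep_a, station_b, sweep_b, mac):
    """Stations are {"pos": (lat, lon), "heading": degrees}. Returns the
    (lat, lon) of the fix, or None if no usable fix exists."""
    brg_a = peak_bearing(sweep_a, mac, station_a["heading"])
    brg_b = peak_bearing(sweep_b, mac, station_b["heading"])
    if brg_a is None or brg_b is None:
        return None
    origin = station_a["pos"]
    fix = ray_intersection((0.0, 0.0), brg_a,
                           to_local(origin, station_b["pos"]), brg_b)
    return None if fix is None else to_latlon(origin, *fix)
```

The returned latitude and longitude can be dropped onto any map as a single point; the minimum crossing angle of 10 degrees is a constructed default, not a value from the thread.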

  • 3 weeks later...

Only problem with that is that the OSMOCOM folks figured out how this works and are currently capable of playing with that timing advance value in a protocol-valid way to make them appear somewhere they're not. We're talking blocks off of where the TA would suggest you to be.

Edited by Cooper
OSMOCOM most certainly can't "play" with that timing advance. GSM would break if you fiddled with it. Every piece/parameter of the GSM standard has a purpose and reason for implementation. If it wasn't crucial, teleco wouldn't have used it since it would suck up bandwidth, which is money to them.

What I'm getting at is there is a value, an integer if you will, that correlates to 550 meters. It's the amount of distance the speed of light (aka radio wave) will travel in 3.6 microseconds. Additionally, you can't mess with the timing advance because it's not yours to mess with: the phone calculates it, then it is given to the tower. I should have pointed to something with a bit more meat, like this page. http://www.telecomhall.com/parameter-timing-advance-ta.aspx
