I tried demodulating a signal transmitted from an OpenLST transceiver using a RTL-SDR dongle here. Now I am going to take a closer look at the demodulated signal.
Structure of the transmit packet from OpenLST is as follows. In the test transmission I did here, I transmitted a single byte of data, 0XFF. OpenLST uses a TI C1110 chip and, C1110 adds many other bytes to the transmit packet for synchronization and error checking. My OpenLST transmitter is configured with the following packet structure.
Byte 0: Preamble (0xAA)
Byte 1: Preamble (0xAA)
Byte 2: Preamble (0xAA)
Byte 3: Preamble (0xAA)
Byte 4: Sync word (0xAB)
Byte 5: Sync word (0x35)
Byte 6: Sync word (0xAB)
Byte 7: Sync word (0x35)
Byte 8: Length of the packet except preamble and sync word (in my case 0x08)
Byte 9: Flag Byte (0x40)
Byte 10: Sequence number
Byte 11: Sequence number
Byte 12: Radio in (0x01)
Byte 13: Command (In my case command for tx data is 0x1C)
Byte 14: Transmit Data (In the specific case I consider here, its only one byte, 0xFF)
Byte 15: Hardware ID (in my case 0xCA)
Byte 16: Hardware ID (in my case 0xCA)
Tx packet starts with a preamble. This is a string of bits which helps the receiver to identify the receive data baud rate. After the preamble, the sync word repeats twice. Sync word helps to identify the byte boundaries and functions as a system identifier as sync word can be set unique to a transmitter,
CC1110 uses a process called 'whitening' to achieve better power distribution over the allocated bandwidth. Whitening is used to avoid long strings of logic ones or zeros. All the bits in the Tx packet except preamble and sync word are XOR-ed with a 9 bit pseudo random number. Pseudo random number generation process in C1110 is described in TI Design Note DN509. The generator starts with assigning all bits to 1. (1 1111 1111). 8 least significant bits of this is used as the first whitening key. To generate the MSB of the next pseudo random number, bit 5 and bit 0 are XORed and bits are shifted to right by 1. Following figure demonstrates this process and the image is obtained from TI Design Note DN509.
The 8 least significant bits from every 8th pseudo random number generated are used as whitening keys. We can list the whitening keys as follows.
WK1: 0xFF
WK2: 0xE1
WK3: 0x1D
WK4: 0x9A
WK5: 0xED
WK6: 0x85
WK7: 0x33
WK8: 0x24
WK9: 0xEA
WK10: 0x7A
Then the transmit bytes of the packet we considered earlier can be obtained as follows.
| TX Byte 0 | 0xAA | No whitening |
|---|---|---|
| TX Byte 1 | 0xAA | No whitening |
| TX Byte 2 | 0xAA | No whitening |
| TX Byte 3 | 0xAA | No whitening |
| TX Byte 4 | 0xAB | No whitening |
| TX Byte 5 | 0x35 | No whitening |
| TX Byte 6 | 0xAB | No whitening |
| TX Byte 7 | 0x35 | No whitening |
| TX Byte 8 | 0xF7 | 0x08 XOR 0xFF (Byte 0 XOR WK1) |
| TX Byte 9 | 0xA1 | 0x40 XOR 0xE1 (Byte 1 XOR WK2) |
| TX Byte 10 | 0x1D | 0x00 XOR 0x1D (Byte 2 XOR WK3) |
| TX Byte 11 | 0x9B | 0x01 XOR 0x9A (Byte 3 XOR WK4) |
| TX Byte 12 | 0xEC | 0x01 XOR 0xED (Byte 4 XOR WK5) |
| TX Byte 13 | 0x99 | 0x1C XOR 0x85 (Byte 5 XOR WK6) |
| TX Byte 14 | 0xCC | 0xFF XOR 0x33 (Byte 6 XOR WK7) |
| TX Byte 15 | 0xEE | 0xCA XOR 0x24 (Byte 7 XOR WK8) |
| TX Byte 16 | 0x20 | 0xCA XOR 0xEA (Byte 8 XOR WK9) |
By taking a closer look at the decoded bit stream, I identified the transmitted packet byte values as in the following figure.
We can see that the decoded data are the same as whitened tx data we calculated above using the whitening keys.
Subscribe by Email
Follow Updates Articles from This Blog via Email
No Comments