Wednesday, 15 November 2017

Software Defined Radio and Pager Decoding

I've been playing again recently with my cheap R820T RTL dongles. These, when used with suitable custom drivers and SDR software, are interesting devices allowing for the reception of all manner of signals.

In this case, I've been using mine with the SDRsharp software package to control them (referred to as SDR#), and playing with attempts to receive and decode digital audio and trunked network signals. I've not had much luck that way yet, but what I have had success with are pager signals.

Some of you reading this (I suspect most of my readers!) will be old enough to remember the period in the mid 1980s to the early 90s when mobile phones were the size of a housebrick, public payphones either vandalised or used as conveniences, and the alternative to a landline the very short-lived Rabbit DECT system!

During this telecommunications chaos, those who wished to look like Yuppies but without the budget for a phone carried a pager. My mate Ian had one - I don't actually recall it ever beeping! ;-) Most people think these legacy devices are obsolete with the coming of GSM phones, but no, they still exist, now used mostly for alerting on-call staff, sending telemetry messages, and are also now a valuable part of the emergency services response systems.

These devices live on the VHF bands around 138MHz and 153MHz. Two protocols are still in general use - POCSAG (Post Office Code Standards Advisory Group) and FLEX, at several baud rates from 512 and 1200 (POCSAG) to 1600 and 3200 (FLEX).

By combining SDR# with a software package called PDW, these signals can be decoded into their numeric or alphanumeric messages.
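For anyone curious what a decoder has to do with each 32-bit POCSAG codeword, here is an added example (not part of the original post and not PDW's own code): it checks the BCH(31,21) and parity bits, separates address codewords from message codewords, and turns numeric payloads into digits. The sample codewords are constructed for illustration, and the characters shown for the spare numeric codes are an assumption.

```python
# Added example: POCSAG codeword checking and numeric decoding.
BCH_GEN = 0x769      # BCH(31,21) generator: x^10+x^9+x^8+x^6+x^5+x^3+1
IDLE = 0x7A89C197    # idle codeword that fills unused slots in a batch
# Numeric-pager character set, indexed by BCD value (0xA is a spare code).
NUMERIC = "0123456789*U -]["

def bch_remainder(word31):
    """Remainder of a 31-bit word divided by the generator; 0 means consistent."""
    for bit in range(30, 9, -1):
        if word31 & (1 << bit):
            word31 ^= BCH_GEN << (bit - 10)
    return word31

def encode(data21):
    """Build a 32-bit codeword: 21 data bits, 10 BCH bits, 1 even-parity bit."""
    word31 = (data21 << 10) | bch_remainder(data21 << 10)
    return (word31 << 1) | (bin(word31).count("1") & 1)

def is_valid(cw):
    """True when both the BCH check and the overall even parity hold."""
    return bch_remainder(cw >> 1) == 0 and bin(cw).count("1") % 2 == 0

def parse(cw):
    """Split one received codeword into its fields."""
    if not is_valid(cw):
        return {"type": "error"}
    if cw == IDLE:
        return {"type": "idle"}
    if cw >> 31:  # top bit set: 20 bits of message payload
        return {"type": "message", "bits": (cw >> 11) & 0xFFFFF}
    # top bit clear: 18 address bits (the low 3 come from the frame number)
    return {"type": "address", "ric_high": (cw >> 13) & 0x3FFFF,
            "function": (cw >> 11) & 3}

def numeric_text(payloads):
    """Decode 20-bit payloads as five BCD digits each, sent LSB first."""
    out = []
    for bits in payloads:
        for shift in (16, 12, 8, 4, 0):
            nibble = f"{(bits >> shift) & 0xF:04b}"
            out.append(NUMERIC[int(nibble[::-1], 2)])
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample: one address codeword, then the digits "12345".
    sample = [encode(154320 << 2 | 3), encode(1 << 20 | 0x84C2A), IDLE]
    parsed = [parse(cw) for cw in sample]
    print(parsed)
    print(numeric_text(p["bits"] for p in parsed if p["type"] == "message"))
```

The BCH and parity bits are the only checking a codeword carries, and they guard against reception errors only, which is why a receiver and decoder are all that is needed to read the traffic.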

There are many users of these systems, and it seems different channels carry generally different traffic. The frequency in use in the image above is 153.275MHz. This is a 1200bd POCSAG signal, with timing/test messages (not decodable) every minute. When there is message traffic, it is generally numeric or simple tone alerting. Likewise its apparent sister frequency 153.250MHz. To the right in the waterfall can be seen 153.325MHz (3600bd FLEX) which seems to carry a lot of machinery telemetry and general 'call so and so' messages, and 153.350MHz, 1200bd POCSAG (CH3), which for me is the easiest and generally busiest frequency. To the left of the waterfall can be seen another FLEX channel, 153.025MHz, which also transmits a very regular timing pulse, as can be seen.

For anyone trying the above software combination, I have found that the following settings work for me - RTL gain 38dB (adjust this on yours to get signal peaks around 30dB above the noise), receiver bandwidth 15kHz, SDR# audio out 54dB.

I have spent quite some time exploring the 153MHz channels, so now will move down to 138MHz and try my hand at decoding those.

On a related note, I've taken the plunge today and purchased a Uniden UBC-125xlt handheld scanner. This isn't to replace my venerable Yupiteru MVT-7100, but instead to add to my capabilities with its 'close call' features. I've also ordered another R820T2 SDR dongle, and a pair of MCX to BNC pigtail cables, as I intend enclosing the dongles into aluminium boxes to help cut down the noise floor.
