Showing posts with label scanner. Show all posts
Showing posts with label scanner. Show all posts

Friday, May 22, 2009

POCSAG and FLEX pager reception and decoding

Browsing the 900Mhz band last week, I came across the distinct sound of pager protocols on a handful of frequencies. Years ago I began listening to pagers on the 138Mhz band as my scanner at the time only reached the 500Mhz band as it’s highest frequency. With my ICOM-R7000, I am able to easily browse through the entire 900Mhz band where I have found most of the pager frequencies are located.

The two main protocols used by pagers are POCSAG and FLEX. Both protocols support tone only, numeric and alphanumeric pages at various bit rates. POCSAG uses FSK modulation with a +- 4.5Khz change of the carrier frequency. A +4.5Khz tone is a 0 and a -4.5Khz is a 1. Bit rates of 512 ,1200, and 2400 bits per second are supported. FLEX is another protocol which is newer and also uses FSK modulation. Bit rates are available at 1600, 3200, and 6400 bits per second. A key note to make about both of these protocols is the fact that their data is transmitted in clear text.

The only requirements to decode pager transmissions is a scanner / receiver capable of receiving FM on pager frequencies, ( the low 900Mhz band seems to be the most active) and software that is capable of decoding pager transmissions. The software I use is called PDW, and is freely available. It is capable of receiving both POCSAG and FLEX transmissions in all bit rates including a handful of other protocols.

For an antenna I’m using an outdoor wide-band antenna that has coverage in the 900Mhz band. I’m also utilizing a mini-circuits ZRL-2400LN wide band low noise preamp to help pull in any distant signals, even though it really isn’t necessary as these pager transmissions are fairly strong.

There are several interface methods available; the first is connecting your scanners audio output directly to the input of your sound card. The second involves taking he discriminator output of your scanner and connecting it directly to your soundcards input. The last method involves making an FSK to rs232 level decoder that takes the scanners audio output or discriminator output and converting it to serial data. I have actually had really good results with using the discriminator output of the R7000 and tying it to my sound card.


The ICOM-R7000 does not have a discriminator output, but it is an easy modification to add. The R7000 actually has a ‘spare’ rca connector on the back that can be used for any additional mods you wish to add, and tapping into the discriminator is an easy operation to do. There are instructions all over the place to do this so I won’t describe it here. The discriminator output is key since it provides access to the FSK pager audio before it is passed through filters on the scanner that usually destroy the signal.

I am passing this discriminator output directly to my soundcard line input and have had excellent results. Many people mention that this won’t work for the higher bit rates, but I am successfully decoding FLEX pages even at 6400 bps using this method. I used to use the audio output form my old scanner to my sound cards input with poor results. At best I was able to decode POCSAG at 512 bps. I would still like to make a 2 level or 4 level FSK converter, but I really find it isn’t necessary.

Finding the pager frequencies is fairly easy. There are many lists available around that I found from some searches, although I found many of them to be old and out of date. I had my best results by simply searching around and hearing them. This is better to perform during the day as I found pager transmissions are much more active than at night. I usually start right at 900Mhz and begin tuning up 5Khz at a time. Pagers are easy to find as the tone has a very distinctive sound. Several passes over the band may be required as some of the frequencies will be idle when no transmissions are present. I found the following frequencies to be very active by me:

940.870, 929.295, 929.620, 929.720, 931.340, 929.670, 929.545, 929.845, 931.345, and 929.495.

This may be different in your area, but most of these I believe are nationwide pager networks. Here are some of my results:

( I removed actual names and modified phone numbers as I have no interest in displaying real personal information. )

0389996 00:08:13 20-05-09 FLEX-A ALPHA 6400 MSN 019 hello Message from NOC PCB. 1510016
1424219 00:09:31 20-05-09 FLEX-A ALPHA 6400 THIS IS A TEST PERIODIC PAGE SEQUENTIAL NUMBER 7829
0769357 00:09:33 20-05-09 FLEX-C ALPHA 6400 0769357 00:09:46 20-05-09 FLEX-C ALPHA 6401 es 40 pts, 6 rebs, 4 ast vs. Carmelo Anthony's 39 pts, 6 reb, 4 ast...010243590 00:09:48 20-05-09 FLEX-A ALPHA 6400 801221234545020519203005192245005
010243590 00:10:03 20-05-09 FLEX-A ALPHA 6400 902051234545990519203005192245015
0186743 00:10:03 20-05-09 FLEX-C ALPHA 6400 MONTGOMERY, NJ (SOMERSET) *2ND ALARM* 16 HAMPTON CT. 2ND ALARM REQ ON ARRIVAL FOR THE F/I DWG W/POSS ENTRAP. NJ2
011156517 00:10:22 20-05-09 FLEX-A StNUM 6400 281 555-9405
011319993 00:10:22 20-05-09 FLEX-A StNUM 6400 213 555-4758
0000001 00:10:22 20-05-09 FLEX-A ALPHA 6400 MSN 030 hello Message from NOC PCB. 1111111111
010239056 00:11:39 20-05-09 FLEX-C ALPHA 6400 38767:Host:png,pBg_fcsw_4.png.com Event:nodedown [nvasp] [58]
010248578 00:14:13 20-05-09 FLEX-C ALPHA 6400 Feeder 07Q85 opened 05/20/09-00:03. 3 of the 24 feeders are out of service at FLUSHING NETWORK . [57]
0186742 00:41:01 20-05-09 FLEX-A ALPHA 3201 DV. BULK OF FIRE K/D. CO'S GOING INT FOR SEARCH & O/H. NJ2
0186743
002816630 00:41:37 20-05-09 FLEX-A SH/TONE 3200 520
003951995 00:44:05 20-05-09 FLEX-A ALPHA 3201 MSGW02MOM" CPU is running at 5.50 percent This event was generated by the script: "Exchange ... [88]
003435545 00:48:11 20-05-09 FLEX-A ALPHA 3200 HARD WATER IN CONDENSATE. CALL THE POWERHOUSE 3-7038. PAMS_24.Unack HARD WATER IN CONDENSATE *ALM* High [78]
003951995 00:43:11 20-05-09 FLEX-A ALPHA 3200 Store timed out at the 30 seconds threshold Exchange Server:"MOBMSPF05" MDB:"SG1 (MOBMSPF05)\SG1_Priv1_(MOBMSPF05)" Mailbo
003951995 00:43:22 20-05-09 FLEX-A ALPHA 3201 x:"MOBMSPF05MOM" CPU is running at 2.97 percent This event was generated by the script: ... [82]
002116131 00:07:43 20-05-09 FLEX-C ALPHA 6400 PATIENT - EMERGENCY
SAME
HER EYE WAS OPERATED ON LAST MONTH AND SHE HAS
EXTREME PAIN NOW


The message displayed in PDW consists of the pagers cap code (unique address), time, date, protocol, page type, bit rate, and finally the message. The cap code is the unique id set to each pager. All pagers on a certain frequency receive all pages on that frequency, but they only display pages where its cap code matches the code in the messages. I am seeing pages from a local hospital, sports scores, news, tower information transmissions, business nagios server alerts, other miscellaneous data, and of course pager numbers. It’s quite interesting to see how much information is easily received and decoded.
Posted by at 8 comments:
Labels: , , , ,

Tuesday, February 26, 2008

Listening to satellites

Satellites are cool...

I have always wanted to pull real-time images off of weather satellites. I read articles of people doing this years ago, but never had the necessary equipment necessary to do it. Receiving these images is actually pretty easy... I had some horrible looking images within a few hours of setting up my system. So now that I have the necessary equipment and with it being February along with the fact that I'm getting really sick of winter, it's a good time to finally do this.


First received image: (very noisy since my antenna sucks.)



The United States currently has three transmitting operational polar orbiting weather satellites, NOAA-15, NOAA-17, and NOAA-18. These satellites travel in a sun-synchronous orbit around the earth at an altitude of about 850km. Because they are moving so fast making revolutions of the earth approximately every 90 minutes, each one passes over regions of the US multiple times each day.

Now what's interesting is these satellites are transmitting their imagery of the earth back to us on two separate frequencies. The first is a high resolution digital signal that transmits around 1.7Ghz, but the second is a lower resolution modulated signal that is around 137Mhz! This system is called APT (automatic picture transmission) and is not encrypted. The satellites are constantly transmitting this APT signal at about two lines of imaging per second and if you are able to receive this signal, you can view real-time weather satellite imaging.

Because of the speed of the satellites, you only have about a 12 minute window to capture the satellite imagery as it flies by overhead. This is plenty of time to get some good images.

The equipment:

The only equipment you need to receive these signals is a good scanner/receiver with wide bandwidth, a good antenna for 137Mhz, and a computer/software that can decode APT data.

Most consumer scanners / receivers on the market have two problems. First, they have the 137Mhz spectrum blocked so you can't receive it, and second they don't have a wide enough bandwidth at the receiving frequency to pull in all of the information. The receiver I'm using is a Kenwood RZ-1, which is sufficient for this task.

I have been using two pieces of software, Wxtrac and WxtoImg. Both work and are freeware. WxtoImg is definitely more powerful... but to unlock all of it's features you have to pay for licensing. JTrack is a powerful satellite tracking tool that is available to use free from NASA that I use to track passing satellites.


My results:

The above image is very low quality ( again from an inadequate antenna) but it does show the entire signal received. The left portion of the images in infrared data, while the right is visible data. The bending of the image is Doppler shift caused by the speed of the satellite moving across the sky. Once I receive a stronger signal, the software will compensate and correct this. The map of north america is applied by the software, it uses the known keplers of each satellite to keep track of the satellites exact location.

Here is another pass. I really need an antenna...



Improvements to make:

The antenna! I need a good antenna with a center frequency at 137.000Mhz. There are a lot of good designs out there, the quadrafilar looks to be the most popular, but also somewhat difficult to make. I will have to do more search into the best antenna...

The winter months are also the worst time to be receiving this satellite imagery. The low contrast from the clouds and snow covered ground both being a nice bright white color combined with the low amount of sunlight we receive this time of year makes decoding image data from signals that already have a very high signal to noise ratio extremely difficult.

I'm really hoping to get some good images soon.
Posted by at 2 comments:
Labels: , , , ,
Subscribe to: Posts (Atom)