DEFCON 19: Build your own Synthetic Aperture Radar (w speaker)

Captions
Okay, hi everyone. My name is Michael Scarito and I'm going to talk to you about how you can build your own radar system. So this talk's a little bit off the wall, I guess; you know, traditionally it's more security focused at DEFCON, but I thought it was a pretty cool topic and I like remote sensing systems, so I wanted to present something that I've been working on with some people at MIT. So when talking about stuff like this there's going to be some amount of math; I mean, there's not really any way to avoid that, so I do apologize in advance. But, you know, we're going to talk about it and hopefully I'll explain it in a way that you can understand pretty easily, but I didn't want to, you know, kind of overwhelm anyone with it. So we'll try; I'll try my best, I agree.

So first of all, what is radar? Basically it's some way of looking at the world through radio waves. You know, you're measuring something, you're sensing some sort of electromagnetic field, and basically what you're doing generally is you send out a pulse and you look at the response. So radar used to be an acronym; it's become a word. It stands for radio detection and ranging, and that's basically what it is. So, you know, what you might think of traditionally is something like, you know, this is, I think that's a weather radar from like the 40s or something. So, you know, that's kind of the basic idea of what people think. But what you're measuring is essentially position of something, velocity of something, direction of motion of something. But the thing is, you can actually do a lot with this type of technology. You can look at pretty much anything; I mean, you can look at, like, here we've got people, terrain, like land surface, you can look at, you know, foliage, weather patterns, you can look at clouds, rain, ships, aircraft, spacecraft, like pretty much anything you can think of. So I'm not really talking about something like this, but what we can do today is more something like this. This is an image of the Capitol; I guess it's a Sandia radar
system, but this is what synthetic aperture radar can really do with a nice system. So what we have is a 3D point cloud of the Capitol building taken from an aircraft.

So, you know, why do it yourself? Why is this, you know, something that we could talk about now? And the reason that, you know, it's particularly interesting nowadays is because it's become extremely easy to do this and it's become cheaper than it ever was to do this. And the big thing was the wireless revolution has given us access to a lot of hardware that used to be really expensive and pretty much only available to the military, but the need for it in the commercial communication space means you can buy a lot of the stuff just off the shelf. And the other thing is for processing: all this stuff used to be done in analog; nowadays you can just feed it into a computer and the computer will do pretty much everything for you. And I guess, you know, the main reason to do it yourself is because it's pretty cool. You can do some pretty interesting things with it. You know, the stuff that I'm going to demonstrate today, hopefully, is not even close to the extent of what you can do; I just want to give a simple demo of, like, you know, in this space, what can we look at.

So who am I? I'm from MIT. I'm an electrical engineer mostly, and the rest of the time I do pretty much anything else engineering or science related when I need to. Currently I'm working on RF remote sensing systems, not radar systems but actually weather instrumentation, at MIT, and I have a pretty broad set of interests, but a lot of stuff related to RF technology, including, like, RFID, communication stuff, imaging systems, remote sensing, wireless comm, and, you know, security of course is a big interest of mine, and anything that can combine those issues is awesome.

So I guess what I'm going to start with is talking about how radar works in a general sense. Then I'm going to go into a little more detail, like how would you actually make some of these measurements I was talking
about with the radar system. After that, you know, talk about how you could build your own radar; hopefully we can demo that, if it works for me. I'm going to go into a little more about synthetic aperture radar, which is basically a technique for taking pictures with radar, and this is both 2D and 3D imaging. And then we'll go into maybe improving the design of the home-built radar, like what sort of stuff I'm looking to do in the future and what stuff I'd love to see some people here talking about next year if they did it themselves.

So first, with an overview: like I said before, the basic idea is, you know, we transmit a signal and we get some kind of return off of it. So, you know, this is an aviation system, so basically what this is doing is it's spinning around, sending out a pulse and measuring how long it takes to come back. But it's not necessarily that specific; you could do a lot of processing with that return signal. And the key point here is that every radar system works on this type of principle: you're transmitting a signal from somewhere, or somebody's transmitting a signal from somewhere, and you're looking at how that reflects off of a target.

And all this was governed by this thing called the radar equation, which is this big thing with a whole bunch of terms that, you know, there's a whole bunch of stuff here. So basically what we're looking at is the function of received power versus transmitted power and the way that changes: you know, you get transmitter gain, antenna aperture, which is like how big your dish is, cross-section, propagation factor, which refers to the medium that you're in. I don't really care about most of this stuff right now. The main point I want to make is this target distance here. So we have power over R to the fourth. That means that basically, um, you know, your transmit power doesn't matter that much. So the received power is going to decrease with the fourth power of the distance, so if you move by a factor of ten away,
like, you know, I guess my example here is: if you receive a signal of one milliwatt at ten meters, at a kilometer that's ten picowatts. It's really tiny. So, you know, that sounds kind of bad because it does severely limit your range, but at the same time the system right here that I'm going to show uses about 10 milliwatts of transmit power; that's only ten times worse than a hundred watt radar, which would be like the size of a car. So you really can get a lot of performance with kind of these low-cost, like, simple systems.

So where's radar used in general? It's pretty much used for anything. I'll go over a couple applications. Air traffic control is a really big one; they use it for en route tracking. So this is actually a picture from a website you can go to to, like, track flights live. It's kind of neat. So this is Las Vegas a couple days ago.

It's used for weather measurement. It's a huge set of data for trying to track precipitation. So what's happening here is this is a Doppler radar image, so what it's doing is it's actually measuring the velocity of the rain or the hail or whatever it's looking at, and the color is the strength of the return, so it's how much precipitation is there. But the other cool thing is they can figure out which way the storm's moving by the Doppler shift of the signal, which is why it's called Doppler radar.

Another thing is, you know, police applications: these speed guns to, you know, give you tickets, and that sucks, but, you know, it's a lot of uses.

Automotive side, there's actually a lot more of this stuff. So anytime you want to kind of track things that are close, there's radar systems; there's also lidar to some extent, which is pretty similar. But they're using it for cruise control now, so your car can follow a certain distance behind the next car; collision avoidance, your car will apply brakes right before you hit something; automated parking, which, I think the Prius uses radar to figure out where the parking
spot is. And then, you know, a ton of the staples in general; you need a ton of this technology to figure out where they are in, like, the near space.

It's used for surveying applications, so you can fly a plane over some terrain and get a 3D image of what the terrain looks like. That's pretty useful.

And the military uses it for practically everything. They love radar. You know, it's hard to get some good examples, but, you know, pretty much any system that involves, you know, shooting something somewhere, or like looking at something, or, you know, anything that they might want to do is going to use some sort of radar system. And like I said, it's kind of hard to get good examples.

So why radio frequency? You know, there's tons of sensing systems that operate from, you know, basically extremely low frequency, maybe like tens of kilohertz, even lower, like tens of hertz, all the way up to visible light and beyond, like x-rays, everything up there. So, you know, what's special about this frequency band? And by the way, what we're talking about is something in the range of 50 megahertz to about 50 gigahertz, and more recently it's been going up from there. But what's special about this range is we get pretty good propagation in the atmosphere, so we can transmit a signal hundreds of miles or thousands of kilometers, and it can go through the atmosphere, through space. Not so much through water, because it's hard to propagate through that, and that's why they use sonar. But, um, the signals are, you know, they can travel through clouds or smoke obscuration. To some extent, with certain systems, you can penetrate the ground, and there is something called ground-penetrating radar for searching for tunnels or wiring or anything under there without actually digging it up.

The signals travel really fast, which is both a positive and a negative. So the plus side is, well, you know, you're getting your signal there really fast; you can detect things really far away in a short amount of time. Like, sonar could take minutes to go
any real distance, but, you know, this is instantaneous; they're at three thousand, three hundred thousand kilometers a second, I think it's like six or seven trips around the world in a second.

Another advantage is that the antennas are reasonably sized. So we used to use systems that were lower-frequency, hundreds of megahertz, tens of megahertz, and anyone that does amateur radio knows how freakin' big those antennas are. And if you want a directional antenna it's going to be even bigger, because that dish is going to be 50 meters, 100 meters; that is enormous. So we can build stuff with, like, you know, a can. This is at 2.4 gigahertz; this can is, what, three inches in diameter, and it's a coffee can.

So, you know, how do we build these radio frequency systems? The big thing is that it's hard to build circuits that operate at these frequencies. If you think about your computer and how hard it is to get the CPU to run at, you know, 4 gigahertz or something: that is a chip that's about, you know, 3/4 of an inch on the side; it's trying to switch at that frequency and get a signal 3/4 of an inch or less, and that's at four gigahertz. If we want to build something that's like a transmitter at 50 gigahertz, that's going to be really hard to, like, do any sort of complex digital coding or modulation or anything like that.

So the way that virtually every single radio works is, what they do is they process the data at some low frequency. So like if you have, you know, voice, like FM radio or something, the transmitter is just recording audio and it's processing audio, and then when it gets ready to transmit it just magically shifts that signal to the frequency it's transmitting at, up to, you know, 100 megahertz or something. And what this is called is heterodyning, and radar pretty much works the exact same way in almost every case.

So now, the way this works is, there's a little more math here. So the trig identity that I'm looking at is the product-to-sum rule. Basically, if you multiply two trig functions or
two sine waves at two different frequencies, what you get out is the frequency of their sum and the difference of the two frequencies, and you lose half the power, basically, in the process of doing that, because the two signals are, you know, half. So what this is called is mixing. So what we're getting out is, you know, the sum and difference frequencies.

So as an example, if you take your 2.4 gigahertz, like, Wi-Fi signal and you mix that with something that's very slightly higher, this is 2.400001 gigahertz, then you get something at about 4.8 gigahertz, which you don't really care about because, well, I don't know, I don't need it, and you get something at one kilohertz, which is actually a lot more interesting. So I can measure very precisely what the frequency of that second signal is if I'm very good at measuring the first one, because they're really close to each other, and, you know, I can get this one kilohertz, like, resolution for instance. That's pretty useful. So there's a device called a mixer which basically multiplies some known signal with your unknown signal and it shifts it in frequency, and that's just magical you can do that; that's how radio is possible.

So as a visual example of this, we take two functions, which I just got in Octave. You know, we have sine of t, sine of 1.1 times t, so that's something that's like ten percent faster in frequency. If you multiply those you get something like this. What you can see here is the sum of two signals: one of them is a fast moving signal and the other one is a slow moving signal.

So, um, you know, looking at the frequency domain, it's the same sort of thing, and this is actually a relevant picture. So if you haven't done some stuff like this before it could be a little bit foreign to you, but basically what we're looking at with these arrows is, that's indicating that there's a continuous wave tone, that's the sine wave at that frequency, and it has no energy in any other frequency, so
that sine wave in time is equivalent to that spike or delta in frequency. So in this third example, what you get out is these two different frequencies. And as an example of this, you've probably heard this before: if you have a bunch of, like, case fans in a computer, for instance, you can get those really annoying, like, very time varying tones. So if you have something running at like 6,000 rpm and one running at like six thousand and ten rpm, you have a ten rpm signal that's being generated acoustically between those two things. So you have some faster signal and then you have the slower one, and that's going to give you that, like, beating tone which is really annoying. That's exactly what's happening there.

So let's talk a little bit more about, you know, what we can measure here. So like I said before, there's a couple things that we're talking about. Direction is like, you know, if I have some target, you know, where do I go to get to it. Range is the distance to the target, and velocity is kind of how fast the target is moving. So then we can combine all these things into basically imaging, so we can use various techniques to generate a 2D or a 3D picture, which is what I'm calling this range and cross-range domain of one of these measurements. And when I say range and cross-range, what I mean is, in the radar world, if you take a picture of, like, this wall for instance, or, you know, that wall, whatever, your two dimensions are kind of like up and to the side there, but they're both perpendicular to you. A radar kind of flips that 90 degrees, so one of your dimensions is range, which is like how far away the thing is, and another one is, like, in some other axis. So it's cool because you can look from the side and then get, like, kind of an overhead view of what something looks like.

So if we want to measure range, it seems pretty simple, right? We send out a pulse, you know, just ping it out and wait for the response, and we just time how long that takes. So here's a visual depiction here:
if we have a transmitted pulse at time zero, then, you know, we're going to get some returns from some targets, and we're going to say one is like, I don't know, 15 meters away, one is 30 meters, one is 65. And so that seems pretty easy; we just look for it on, like, a scope or something. And the reason that this is hard is because the waves travel really fast; they travel at the speed of light. So we have this equation: the time it takes to get back is two times the distance, because it has to go there and come back, divided by the speed of light, which means that if it's 70 meters we're talking about, I guess that's 500 nanoseconds of time, which is pretty hard to measure if you want to do it easily. So if you're using a sound card, for instance, which is what the original version of this thing actually used to sample, that 44 kilohertz sample rate corresponds to a seven kilometer distance in space, range. So, you know, that's probably not going to work for most systems.

So if we're trying to, um, measure velocity now, and I'm going to go back to range in a second, let's say we want to measure a person walking. Well, they move really slow, so it's going to be kind of hard to, like, see a real change, right? You know, so the way this is done is the Doppler effect. Um, so if we have something moving, like, this is, I guess, the car analogy: you know, we have a car driving by on the road and you're standing there on the side of the road and you're listening to it. When it's coming towards you, you know, it sounds a little bit higher pitch; it passes you and the frequency suddenly drops and it sounds lower pitched. And that's because any, like, sound being generated by the car is basically being, like, compressed in space as it propagates, because the car is moving as those waves are, you know, emanating from the car. So it's a higher frequency tone, and then that's the lower frequency tone. So we send a radar pulse, like what I'm calling a continuous wave tone, which is just a sine wave, at something that's moving
towards you; when it reflects, it's going to increase the frequency because it's moving faster. It's not going to change the propagation speed, because everything moves at the speed of light, you know, due to relativity, but it's going to compress it in time, or in space rather, so it's going to increase the frequency of the signal. So, you know, if we had a three meters per second signal returning at 2.4 gigahertz, it turns into 2.4 plus 24 hertz. So that's going to be pretty hard to differentiate, but if we have a really good 2.4 gigahertz reference we can just mix with that and we get out 24 hertz, and I can see that on a scope pretty easily. I can measure that, and then that way I know pretty accurately how far away the target is. And by the way, the previous example was kind of how radar first got developed; that's, like, basically a pulsed radar. This would be called continuous wave operation, which basically means you're transmitting one frequency all the time.

So going back to measuring range: if we're trying to see a difference in frequency, it's pretty easy, we can do that, and the really cool thing is if you take that into the computer and Fourier transform it you can very easily get a plot of the frequency, you know, versus power. And it's harder to see a difference in time, just because we can't sample that fast, or it's expensive to sample that fast. So what if we took the frequency that we're transmitting, that, you know, we have plotted here, and we just ramped it? So what that means is it's going to be a tone that looks like this. This is called a chirp, and what's happening is, you know, it starts out at the low frequency and it just gets faster and faster and faster, and then it's done, and then it restarts or goes back down or something.

So what happens with the return signal, then, if you're trying to transmit it at something that's far away, is, you know, you get, like, let's say the first line is the transmitted signal and the second line is the
received signal. So if you're looking at what you're transmitting in time compared to what you just received, it's going to be shifted by however much time it took between, you know, when you sent it and when you just got it back. And so that's some small amount of time, but if you're ramping the frequency it actually corresponds to a difference in frequency, and then you can actually do the exact same thing: if you mix those two signals together using a mixer, you will get out basically the difference in frequency between the two signals. And what that means, you know, practically, is, let's say we have a 10 meter target, or, you know, something that's 10 meters away. If we ramped over 200 megahertz in 20 milliseconds, which is reasonable, you know, it's something that we can achieve pretty easily, that, you know, point-whatever-the-hell that is, I don't know how long that is, but I think it's 66 nanoseconds or something, that signal turns into 667 hertz, which is in the middle of the audio range. I could sample that with a sound card and tell you how fast or how far away you are. So this is known as FMCW radar, frequency modulated continuous wave, and that's how I think most of the systems work today.

Um, so then, you know, let's say we want to go a little bit further than that; we want to take a picture of something. So there's a few ways of doing that, but basically at a high level what you're doing is you're just taking these measurements and just repeating them again and again and again in some different place or different orientation or whatever. So there's a few ways of doing that. One is just scanning. So if you've ever seen a big dish spinning around repeatedly, you've probably seen them at airports before, all that's doing is it's a very directional beam and it's just pointing it out and measuring the responses back to try to find all the planes. And so it just scans, and it, you know, just traces out a path, and it's exactly what you see on those old radar scopes: we have a line
going around your little circular screen.

So, you know, we've got a little bit more sophisticated than that since then. So there's something called synthetic aperture radar, which basically means, you can get better resolution if you have a bigger dish, but the problem is then you have a bigger dish. And the bigger dishes are more directional, so that's the advantage. So in synthetic aperture radar, what you're doing is you're actually taking coherent measurements of the signal at different places and you're trying to simulate having a larger dish. And, you know, the reason you would do that is so that you can get a finer resolution of space. So if you just point it in one direction, like, I think the beam widths on these things are like forty degrees or something, so you couldn't see out there, but the idea is that you make it highly directional by simulating measurements from multiple places, and then you can kind of combine all those measurements together and get a, you know, range, cross-range plot. And I can't do that live right now, but I will show you some pictures of that.

And then another system is actually called inverse SAR, where you actually keep the radar fixed but you move the target, and this is if you want to get, like, kind of radar cross-section measurements of aircraft or something. I'm not sure why you want to do that, but, you know.

And then more recently, something that they've been doing is basically multi-antenna beamforming. And beamforming is where you take a whole bunch of antennas and, instead of having, like, a directional antenna to begin with, you basically steer the beam with the antennas. And the way that works is you're basically adjusting the phase of each signal so you have some flat front in some direction, and you can control that direction and scan really fast. And the advantage there is you have no moving parts and you can scan really, really quickly, and, you know, we use that for a bunch of surveillance applications; like, it's just,
it's useful if you want to find things really fast, and it's much more flexible than something that just physically scans.

So, you know, let's go on to, you know, how you might build a system like this. So the home-built radar that I have here, which, I guess if you want to get a good look at it, I guess come to the Q&A room and we can show it off: the original design was by this guy named Greg Charvat. He's an employee at MIT and, you know, I've worked with him a good bit and he's a pretty cool guy. So he really loves radar, and so he designed this system to be built as an MIT class, as basically, I think it's a two week long class where you just learn how to build these things. And it's pretty simple: the cost is a few hundred dollars, it operates in the Wi-Fi band, 2.4 gigahertz, and it's pretty simple to use.

The downside, at least with the one that I built, is that it's actually really hard to get through airport security. They give you a lot of, if you try to take something like that on the plane. What I was told when I went through the check-in was that, well, I flagged the guy down and I showed him this thing. He's like, "What the hell is that?" and I told him it's a radar; like, "What's that?" So, you know, I was like, "Okay, you can look in here or something," and then, you know, his comment was perfect; he says, "It looks like a bomb," and I was like, well, I'm glad I didn't say that. But anyway, eventually they did let me through and I was able to get here. Hopefully I'm not on a watch list now.

So let's try to describe how the system works. Um, so this is a block diagram for RF stuff, and I guess that's not too hard to read up here. So this is how RF engineers kind of, like, deal with the world of circuits. So this isn't really a circuit; it's a set of components. So, you know, I'll try to go through it and explain what's happening here. So the first thing is the thing that says modulator, that little, like, spike thing; that's the ramp
generator. It's generating just a ramping voltage, which gets fed to this thing with the curvy line called a voltage controlled oscillator, and it does exactly what you think: the frequency of oscillation is related to the input voltage. So you send it a ramp and it gets faster and faster, and that generates the chirp I was talking about earlier. There's an attenuator, a power amplifier, which just makes the signal, you know, louder, more powerful. That signal gets split, and one of the, you know, one of the copies of the signal gets transmitted out by, you know, one of these dishes here, coffee cans, sorry. The other part of the signal goes to that mixer, and that's what I said before is the local oscillator for that mixer. So then what happens is the signal gets sent out by one antenna, it gets reflected off of whatever, and then it comes back in the other antenna, gets amplified again, because it's going to be really, really weak now, remember that one over R to the fourth thing I was talking about, and then it gets mixed with that known signal. So then basically what we did is we took a signal, we shifted it all the way down to pretty low frequency, near DC, where we could record it with, the original system for this used the sound card. I've actually changed that a little bit since then, but that's what's cool about this: you can literally build something like this and record your radar data with your sound card and just process it on the computer. You know, you record with Audacity and then process in MATLAB; that was how the original system worked.

And then there's this thing down here called a video amplifier, and what that does is it basically just takes that really small signal, that's still pretty small, and it amplifies it a bunch of times at low frequency so we can feed it out to the computer. And there's two outputs of this: one of these is the sync pulse, which basically tells us when the chirp starts, and then the other one is the
actual data signal back out.

And then I guess the components are here; you can get those slides later. But these are all off-the-shelf parts from this company called Mini-Circuits, which builds these things. Basically they take a little chip and they put it in a package and do all the testing and make it actually work, and then you just, like, screw on little SMA connectors to it. It's pretty cool because it's like doing plumbing, but you're building an RF circuit.

So here's a picture of the thing that's sitting right there. I guess, I think I have call-outs on the next page. So basically these are all the parts I just talked about. It's a little bit different than that diagram, because that green board is not in the original design; that's actually basically a USB data acquisition board that I developed for this, and I'm working on getting that to be releasable, but right now it's not quite ready for public use yet. But eventually I'd like to just kind of publish the designs online. So you can see all the components I was talking about before. We have, you know, the VCO first, which gets a signal from that green board, which is actually generating our ramp now, so it's computer-controlled. So the VCO goes to the attenuator, goes to one of those amplifiers, and then the splitter out there. One of those signals goes to the transmit cantenna, which you can see at the bottom, and then, you know, the other signal goes to the mixer. The receive signal goes to one of the other amplifiers, into the mixer, and then everything goes out to the video amplifier and then back into the board. So that's basically, you know, that's pretty much all the components we just talked about.

Um, I guess just for completeness, I'm not going to explain these schematics, but this is the original circuit. This is something you could build yourself really easily to do data capture. So one of these things is the video amplifier, that thing at the, you know, the box thing at the top, and the other one is the
ramp generator, which is just a chip that generates ramps, and it generates two output signals, which you plug into your sound card and record your radar data.

Yeah? Sorry? Yeah. Oh, um, so the reason that's there is because I was trying to make the thing USB-powered, and so I just wired it onto the power for this other stuff; everything on here runs off of five volts. So I plugged the USB in and then the computer doesn't like that; it just turns off the port. So the problem was the inrush current was too high, and I needed something to, like, slow that down. So I was like, okay, I'll put an inductor in there, and the only one I could find was this big, like, choke transformer thing, so I just shoved that in there and that works. So that's all that's for.

Okay, so let's say we want to do a little bit more; we want to get a little more sophisticated than the sound card, because there are some disadvantages there. It's hard to collect every chirp, it's hard to stay synchronized, and it's not as fast as we might like for sample rate. So I developed this board that's basically a microcontroller with an A-to-D and D-to-A converter. The way that we generate the ramps is we take a digital signal from the D-to-A converter and then feed it through an integrator, and if you remember your signals and systems, that continuous line turns into a ramp, and we can control the speed of that ramp. And the reason that we're not just directly generating the ramp is because, if you ever looked at how a DAC outputs a signal, every time you switch it, it, like, jumps to the next level a little bit; it doesn't, like, kind of smooth it out. So we could filter the hell out of it and it probably wouldn't work, or we could just do something like this, where we just generate a flat signal and then in analog we make the ramp. And that was the easiest option and it works pretty well. And then we just send that out to the VCO, and then on the receive side, you know, we have a video amp; that was actually not on the green
board, it's on the... sorry, on the other board there, and then this A-to-D converter, which is way faster than the other one. I think it could actually run at 500,000 samples per second, which is a lot faster than your sound card at 44, 96 or something like that if you have a nicer one. And the other advantages are, you know, internal triggering, which basically means I start the ramp and I know where the ramp is, and then I start the capture at a certain point, I capture data really fast and then it's done and I send it back to the computer. So it's completely kind of self-contained, I don't have to deal with, like, processing it later to do the triggering, and that makes a lot of the real-time stuff a lot easier.

So this is a picture of the board. I guess there's not really too much to say here, it's just, you know, a circuit, and then the call-outs on that. So actually the two other things on there that I didn't mention were a gyro and accelerometer, and I haven't really gotten to using these yet, but this is part of my future plan. It's, well, if we can just track the position of the thing, we can do a lot of this kind of coherent imaging stuff without any effort, and I'll talk about that a little more later.

So I'd like to try a demo now. I really hope this works, but, you know, I know how demos work at DEF CON and, you know, we'll see what happens. But basically what we're going to do is we're going to try to do a range-finding demo. So I'm going to take this thing and set it up to basically generate a chirp, record the response and display it on the screen, and what's going to happen is there'll be a couple plots there, and I'll describe those when they come up, but basically what you should be able to see is the distance to a wall or something is going to come up as a stronger signal at some range, and we'll plot it with respect to range, and then all that processing is done with an FFT. So let's see if I can get out of this and... okay, oh wow, that worked surprisingly well. So
if I plug this into the computer, so I have to hope that VMware properly captures the device, because sometimes it doesn't like to. Let's just confirm that... it looks like it's connected. So, a little Python program. I actually found this program online, it was just, like, something to generate an audio spectrum, and I was like, well, it's Python, it's kind of really easy to make it do whatever the hell I want, so I adapted it to my little USB serial interface. And actually I should probably... I think I'm forgetting something, I've got to set the mode on this, sorry, our sorry and where else back enough, see if this works. So if it doesn't give any error messages we should be getting something scrolling across the screen in a second.

Oh, okay, so there's a couple different things here. So in the middle plot, there's actually a lot of noise here, and I can explain why that probably is in a little bit, but, um, so that plot in the middle is basically the time plot of the signal that we're sending out, or, this is the response. So this is literally, you know, low frequency, it's basically an audio tone is what it would sound like, and that's related to the signal, it's not very directly related. So what we do is we Fourier transform that, which you can see on the left and the right. So the one on the right is kind of a scrolling view of that, and it's kind of hard to see the scale on here, but on that spectrogram view those numbers are supposed to be the distance in meters to whatever you're looking at. So I guess if you've seen a fish finder before, it's basically the same interface.

So what I can do is I point it at the wall. I'm pretty sure that that strong response at about 30 meters is probably about the distance, which sounds about right. If I point it up at the ceiling it's going to drop down and we see a very strong red line at about 8, you know, it's about the correct distance, and we can just kind of scan it around, you know. So, sorry, yeah, so we get something at about 4, which is right. So, you know, it's
basically, you can also see the power thing here. So when this is being displayed this is a log scale, so it's not going to decline as fast as you would expect, but, um, as they get further out obviously they're gonna get way, way weaker. The other thing, which I haven't actually seen yet, which I'm a little surprised by, is, uh, so this thing operates in the Wi-Fi band. There's a lot of noise, I'm not exactly sure why that's happening, I was having before, but what you do see occasionally is these pulses kind of towards the top end of that, and that's actually Wi-Fi signal bursts from the thing transmitting. It's, you know, I think it's a 24 megahertz wide signal, and what you see that for is, like, a little pulse in the middle of the time window. And unfortunately I guess no one's using Wi-Fi devices in here, because I'm not picking anything up, so I guess everyone's being smart now and they're not using Wi-Fi at DEF CON. But yeah, this is basically, you know, that's all there is to it to doing something, you know, pretty simple. So literally all I did here is I'm recording the analog signal, I'm Fourier transforming it and displaying it on the screen, and that's all there is to it. So let's go... we're good there, so let's head back to the talk. I'm glad that worked.

So let's talk a little bit about, you know, trying to image with one of these things. So synthetic aperture radar is basically the idea of, instead of having, you know, a really big antenna or a lot of little antennas, let's just take this thing and, like, move it, like, slide it on a table or something, and just keep taking images. And there's two basic techniques of doing that. One is basically kind of scanning around the object that you want to look at, and it's called spotlight SAR, as you might expect. The other option is basically trying to scan your radar across a scene and getting, you know, basically getting these repeating pulses to the side, and that's actually a little easier to process, so that's how this was originally working
and I'll give you an example of that in a second. Basically what you're doing is you take these pulses and you can get a lot of information about the phase of that signal. So that analog signal that I showed you in the time domain is actually pretty important, because all the phase of those frequencies affects, like, subtly the difference between, you know, your transmitter and various elements of the target, so you can kind of coherently combine those and get a 2D image.

So this is an example that Dr. Charvat gave me of what he built with something that's very similar to this, using the same sort of specifications. So we have a 2D image from Google Earth, and he went out to this field and he did this, I think, I mean, you know, you move the base, but you move the radar about eight feet and you get an overlay image like this. So I'm gonna go back and forth a couple of times, but what's cool is you're basically looking at the foliage from the tree, so all those red areas are basically where there's something that returned. And the other thing is you can see that that telephone pole, or whatever the hell that is right there, is also giving a pretty strong return. And the range on this is a couple hundred feet, so it's actually pretty good. I was testing this in my car at one point and I was actually able to get about probably half a kilometer. If you're going down the highway and you see, like, some faraway objects, you can kind of see them, like, getting closer to you as you move, so that's kind of neat.

So let's talk about what, you know, what you might be able to do to, you know, improve on this sort of stuff. Um, one thing that I was talking about before: I'd really like to do an inertial SAR system, and unfortunately I've been having some problems with the accuracy of the accelerometer and gyro. You know, I'm going to be working on that in the near future to try to get that accurate enough for my purposes, so I can do position tracking for basically a few seconds, enough to
capture the image. And so what we would do is we basically use the gyro and accelerometer, figure out relative position and orientation as I move the thing around, and the idea is that I don't have to measure that, I don't have to, like, you know, carefully annotate what I'm doing as I'm capturing the data. It makes it much faster. And a cool thing you might be able to do is, if you take a GPS and a magnetometer, you probably could just georeference it on a map, have the direction you're looking, and just overlay it on, you know, a Google Earth map. And at this point you can pretty much do that with a smartphone, because that's got all of those sensors. Just add that with a sensor like this and you're good to go, you've just got to write software.

Um, the other thing is something that we might actually be doing at MIT in the next few months, is a phased array radar system. So what we would do there is we'd have a set of transmit and receive antennas, and the path of the system here is we basically switch between pairs of them. So you may have, you know, a couple transmit antennas, a couple receive antennas. Each pair of those, if they're spaced appropriately, basically gives you a virtual antenna at a different position, and so you can just very rapidly switch between, you know, let's say you have, like, eight on each side, that's 64 different pairs of antennas, or 32, anyway, whatever, you get, is 64, yeah, I get sixty-four pairs of, like, virtual antennas that you can take, and you can very quickly generate an image.

And I guess, so basically what we would get with that is, um, I have a video here of something that's actually been built. This was built by MIT, this is a... was the video, okay. What they did here is they built a phased array radar system designed to capture images at ten hertz, and what's happening here is they have a metal ball in the middle, and then what they did is they rolled another metal ball past it, and you can basically see the thing rolling in real time past the thing, and it's pretty neat. So you see
that little dot there, it just kind of comes past, and so this is pretty fast. There's another video online, which I couldn't include due to time, there's someone, like, swinging a baton, and it's interesting because, like I said before, this is an overhead view, so if someone's swinging that it looks like a spike, and then it kind of spreads out and goes back and forth and back and forth. So, you know, I can play that again, um, but yeah, you can see right there it just kind of comes by, and there's a little bit of interference when it comes past it, due to multipath effects of the signal, because remember we are looking at electromagnetic waves here. But this is the sort of capability you could, you know, achieve with something, you know, a little more sophisticated, because the real-time aspect has really interested me, and real-time imaging I think would be pretty cool to implement, especially as, like, a do-it-yourself thing.

So I have a few more references here. I guess you can get these from the slides, but these are some resources. This is probably enough information to build one of these things, maybe not with the laser-cut stuff, but, uh, you know, it's not that hard. I mean, it's a pretty simple concept and all the parts are available commercially nowadays, which is amazing. So I guess, you know, the main reason I gave this talk is 'cause I really wanted to see people build something like this, you know, actually build it, and so that's kind of like my call to action, is, like, I would love to see someone do something really cool with this stuff and come back next year and, you know, say, okay, I'm gonna give a talk on, you know, my improvements of the system. That would be awesome. So I think that's about all I have, so yeah, I guess if there's any questions, you know, go ahead.

Yeah, sorry, I can't hear you. Oh, well, the coffee cans are somewhat directional. Sorry, he asked why coffee cans as opposed to a different type of antenna. Um, well, coffee cans are fairly
directional, they were really cheap because they're coffee cans, we had them anyway. But basically, it's going to be hard to see inside this thing, so you might just have to come back later and see, but the way this works is there's an SMA connector in here and there's a little wire being fed into here, so this is basically a waveguide port. It's an adapter from that little feed antenna to this larger waveguide, and then that's just, it's basically a crappy directional antenna. But you could use it for Wi-Fi, so if you wanted to make your signal more directional it's the exact same principle, and if you took some of those really big Wi-Fi antennas you can make a highly directional system just with that. So, anyone else?

Oh yeah, here's which microcontroller I'm using. I'm actually using a PIC, it's one of the 16-bit PICs. I tend to get a lot of for using their parts, but in general what I find is they're very inexpensive, I love that, they're very cheap parts, and this thing was, like, 2 bucks and has off-the-shelf USB and stuff, so it's pretty good for my applications.

But, oh yeah, I should, just worth talking about, so, yes, what the power requirements were. Um, I believe this entire system uses about 200 milliamps at 5 volts, so, like I said, it's easily powered by the USB port, it's the only power source here. The original was powered off of two sets of double-A batteries, so that's about all you're talking about.

Yeah, okay, so this system is operating in the Wi-Fi... oh sorry, I've got to do some... yes, how much, you know, how much could I increase the power? The limits at 2.4 gigahertz I believe are a watt, but that's a lot. I think it's four watts radiated, so you could transmit, what's it, okay, so you could basically, you probably have to transmit a lot and no one's going to complain too much. The problem with this is you would have to band-limit it some more. So the way this works is it does actually extend past the Wi-Fi band a little bit, and that's why, you know, we
only use it in kind of controlled environments. But, um, basically we don't want to, you know, step on anyone else's spectrum, so I wouldn't transmit a lot in that whole range. You know, this is, like, 10 milliwatts, is pretty low. So yeah, anyone else?

Well, yeah, um, well, okay, what's the signal-to-noise with Wi-Fi? So I guess it's pretty dull, because what you see is, actually with the Wi-Fi signals, you actually see the burst on the spectrum. I'm actually, I was shocked I didn't see that today, I was sure someone was gonna be using a Wi-Fi device in here. But, um, basically what happens is you get these little blips in the signal, and that chirp is, like, it's a pretty strong signal and it's hard to filter out, because it's not, like, related to your signal at all. You're just, like, basically sweeping right through it and you pick up all that crap. But if they're not transmitting it's not really a big deal.

Yeah, is the upper frequency limit defined about how easily you can obtain a reference signal? The frequency bands that you can operate in are, it's mostly, there's a few bands you can operate in. You pretty much are stuck to the ISM bands if you want to do this stuff, like, legitimately, because those are, you know, what's licensed for kind of this unrestricted or pseudo-unrestricted use. So if you go up to five gigahertz it would be a little harder to find parts. Basically, as you go up in frequency the parts just get a little more expensive, or as you get even higher they can get a lot more expensive. But the big thing you want, actually, in a system like this, you want wide bandwidth, because the bandwidth is what's giving you that spatial resolution and the time resolution. Anyone else?

Yeah, um, yes, if I was looking at software-defined radio systems. Um, I think there would be some benefits of that if you wanted to, you know, do some, certainly the SAR coherent processing stuff, that would benefit greatly from an FPGA system, because it can take a few seconds to
process an image like that on the computer. But in this case, like, the main goal was simplicity and low cost, so, you know, if you bring in, you know, one of those, uh, what is it, Ettus Research boards, like the USRP or something, that's going to add a big, you know, a big chunk of change to your design. But there's definitely a lot of potential there, I would say that's absolutely worth exploring. Anyone else?

Yeah, um, yes, is the Doppler effect from a fast-moving object enough to mess up your position measurement? That kind of depends on what you're trying to do. Okay, so I guess if you're trying to measure something moving really fast, like on the order of, you know, like a plane or something, you might have some impact. So I guess when I was talking about it before I said that something that was moving three meters per second, which is, like, a person walking really quickly or maybe a slow jog, is producing a 24 hertz signal. At the chirp rates I was dealing with, you know, I think 10 meters correspond to, like, 667 hertz, so it wouldn't affect it too much, but that all depends on your chirp rate and your bandwidth and, you know, a bunch of other factors. So yeah, you could make it have an impact or not. And the other thing is there's actually a way of disambiguating those, because, I didn't talk about this, but you can chirp up and you can chirp back down, and if you think about it the effects are a little bit different, because the Doppler shift is always going to change the frequency in one direction, but if you chirp the other direction it'll shift it backwards. So all you have to do is kind of figure out what's happening there and you can disambiguate them then.

Oh check keep down questions or... okay, uh, yeah, go ahead. Yeah, on that microcontroller it would be pretty hard. The processing power on this thing is pretty weak, it's just, it's useful for fast to grab, or quickly grabbing data. If you switch to, like, a DSP or, like, you know, a nice ARM, or an FPGA would be,
you know, probably the best option in that regard, you could definitely do that. It's not a very computationally intensive process, I mean, this is, like, a Python script I was running to do the FFT.

Oh, okay, yeah, so to some extent, actually, for the SAR stuff we want something a little less directional than that. Part of it is that the coffee cans were what was available at the time, but not what... that's probably true, yes. Um, but, uh, yeah, I mean, it's pretty open, you basically get different characteristics. So if you're trying to do SAR imaging, having a wide beam width is actually somewhat useful, because it decreases some of your spatial fidelity but you also get a wider image. So if you have a very narrow beam you're not going to get any signal from something that's, you know, further apart, so it's a trade-off there. Anyone else?

Okay, um, I guess if there's anyone else that wants to, like, see the system closer, talk, I think we move over to the Q&A room. So yeah, thanks for, uh, thanks for hearing my talk, that's great.
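The range-finding step from the demo and the chirp-up/chirp-down answer, as an added example that is not part of the talk or the speaker's software. It uses the scale quoted in the talk (10 m at about 667 Hz) and the 24 Hz Doppler figure; the sample rate, samples per ramp, the 12 m target, the sign convention and the beat signals themselves are assumptions constructed for illustration.

```python
import cmath
import math

HZ_PER_METER = 667.0 / 10.0  # scale quoted in the talk: 10 m <-> about 667 Hz
FS = 8000.0                  # assumed ADC sample rate in Hz
N = 800                      # assumed samples per ramp, so each DFT bin is 10 Hz


def beat_tone(freq_hz):
    """Constructed beat signal: one ramp's worth of a single-target tone."""
    return [math.cos(2 * math.pi * freq_hz * i / FS) for i in range(N)]


def peak_frequency(samples):
    """Hann-window the ramp, take a DFT, and return the strongest tone in Hz."""
    n = len(samples)
    windowed = [s * (0.5 - 0.5 * math.cos(2 * math.pi * i / n))
                for i, s in enumerate(samples)]
    mags = []
    for k in range(n // 2):
        step = cmath.exp(-2j * math.pi * k / n)
        acc, tw = 0j, 1 + 0j
        for s in windowed:
            acc += s * tw
            tw *= step
        mags.append(abs(acc))
    k = max(range(1, n // 2 - 1), key=mags.__getitem__)
    # Parabolic fit on log magnitude refines the peak to a fraction of a bin.
    a, b, c = (math.log(mags[j] + 1e-12) for j in (k - 1, k, k + 1))
    delta = 0.5 * (a - c) / (a - 2 * b + c)
    return (k + delta) * FS / n


def resolve(up_ramp, down_ramp):
    """Separate range and Doppler using one up ramp and one down ramp.

    Assumed sign convention: an approaching target lowers the beat frequency
    on the up ramp and raises it on the down ramp by the same Doppler shift.
    Returns (range in m, Doppler in Hz, range from the up ramp alone in m).
    """
    f_up = peak_frequency(up_ramp)
    f_down = peak_frequency(down_ramp)
    f_range = (f_up + f_down) / 2    # Doppler cancels in the average
    f_doppler = (f_down - f_up) / 2  # range cancels in the difference
    return f_range / HZ_PER_METER, f_doppler, f_up / HZ_PER_METER


def demo():
    # Constructed scene: target at 12 m with the 24 Hz Doppler shift the
    # talk quotes for something moving about 3 m/s.
    f_r, f_d = 12.0 * HZ_PER_METER, 24.0
    return resolve(beat_tone(f_r - f_d), beat_tone(f_r + f_d))


if __name__ == "__main__":
    rng, dop, naive = demo()
    print(f"range {rng:.2f} m, Doppler {dop:.1f} Hz, "
          f"up-ramp-only range {naive:.2f} m")
```

With a single ramp the Doppler shift is read as range error; averaging the two ramps removes it.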
Info
Channel: Christiaan008
Views: 40,074
Rating: 4.9124999 out of 5
Keywords: DEF, CON, 19, Hacking, Conference, Presentation, By, Michael, Scarito, Build, your, own, Synthetic, Aperture, Radar, Video
Id: ztR9mdJ1YWU
Length: 45min 44sec (2744 seconds)
Published: Wed Feb 15 2012