2 Slot Tdma
Project 25 phase 2 (TDMA) decoding in software works
- The current standards effort focuses on 2-slot TDMA which provides two voice traffic channels in a 12.5 kHz allocation. At this time, Phase 2 is all about traffic channels on trunking systems.
- The 30 msec slot size defined for the two-slot TDMA solution provides for the following formats: One slot represents 360 bits and 30 msec. 12 slots are contained in a 360 msec superframe. (Phase 1 uses a 360 msec superframe.).
With a 2-time slot TDMA system, two users can share the same frequency in the following manner: User 1 gets to use the frequency for a very short fixed period of time, perhaps 50 milliseconds. Then the channel reverts to user 2 who gets 50 milliseconds. Time division multiple access (TDMA) is a channel access method (CAM) used to facilitate channel sharing without interference. TDMA allows multiple stations to share and use the same transmission channel by dividing signals into different time slots. Users transmit in rapid succession, and each one uses its own time slot.
Over a year ago, I started worrying about what would become of my software-based scanner site after the county built their new radio system. Whereas my existing work from 2011 worked on a Motorola Smartnet system with regular analog FM audio channels, this new system would be P25 with TDMA channels ('phase II') -- two talk paths per frequency.
We've all known this was coming, and so back in June 2013 I put out anofferto supply a raw recording of a new-style system to anyone who wanted to hack on it. I didn't get many queries, but fortunately out of the few people I did manage to reach, I found the right ones: the folks behind theOP25 project.
Yep, that's right, they managed to do it. There is TDMA decoding support in the OP25 tree as of earlier this year. You have to glue together the pieces yourself, but that's relatively easy. The hard work of figuring out all of the TIA-102 standards documents and turning it into code has been done already.
In terms of practical applications, this means it's possible to take a wideband stream of a whole trunked system, filter out the control channel, and send it through OP25 to get P25 messages out. You still have to figure out what all of those opcodes and bitfields mean, but that's a largely solved problem. Tools like UniTrunker have been doing this for years. Plus, the TIA-102 documents explain all of it if you can afford to get a copy... or just find it online at some sketchy PDF viewer site overseas.
With the control channel messages decoded, it becomes possible to look for 'voice grant' and 'voice grant update' messages which tell you who's talking (the radio ID), where they are talking (channel number) and who they are talking to (talkgroup). It's around this time you realize that the channel number itself does not directly tell you where to tune your receiver. For that, you have to capture a few other messages which tell you how the system lays out its bands.
Once you know that band 1 is from X to Y MHz and is using 2 slot TDMA with channels that are Z kHz wide, then when you see a call arrive for 'band 1 chan 1234', you can do the math and arrive at some actual usable frequency. It'll also tell you what slot number you should be decoding from the data stream.
FCC Station Class Codes
This is the point anyone could have gotten to before with the previously-available tools: knowing a TDMA transmission was happening, and even knowing exactly where it was, but the actual voice was unattainable. OP25 developments of the past year have changed that. It's now possible to set up a receiver on that channel (as determined above) and do the whole demod/slicing/framing pipeline into their new phase II handler, and it will yield 8 kHz audio, ready for storage in a WAV file or whatever else you might like.
I can say this with some certainty since as of last weekend, this now exists. There is a prototype system running here which will decode control channel messages and kick off TDMA listeners to grab audio. When the call is done, I wind up with a nice MP3 file.
Want proof? Okay, here's a call recorded on Saturday night using a $20 RTLSDR stick, a Mac mini running GNU Radio, OP25, and my own software:
As with the existing system, parallel calls are no problem, even if they are two timeslots from the same channel. It's currently handling this rather inefficiently by duplicating the tuning paths, but optimization is not worth the trouble at this point. Eventually it will get smarter.
If OP25 had this support months ago, why did this not happen for me until Saturday? That's easy. It took a 'real event' on this new radio system to generate enough traffic to make it worth working on this problem. Before that point, it was thousands (not an exaggeration) of test calls over and over from different radio techs calling each other from different parts of the valley. For a little while we did have some Public Works stuff going on, but that's completely uninteresting and it stopped anyway.
It took an actual stadium event using 3 talkgroups on the new system at the same time to make it worth the trouble. While there are now scanners being sold which can receive this new traffic, no scanner can receive more than one call at a time, never mind three. That kind of parallelism is the real reason to bother with this kind of software setup.
What happens now? Well, there still is no traffic on the new system from day to day. As I write this on a Monday morning, there hasn't been anything significant to report for over 24 hours. (I can tell by looking at the recordings from the new program!) It won't start getting really interesting until local police and fire agencies switch over.
At that point, it'll make sense to work on it some more. Until then, I have bigger fish to fry.
From The RadioReference Wiki
An emission designator is a code associated with a frequency that gives information about the frequency's bandwidth and the nature of the signal on the frequency.
For scanner users, it can be useful for determining whether a frequency is analog or digital, and even whether the frequency transmits voice and/or data.
Identified Emission Designators
Radioreference.com P25 Info
| Designator | Description |
|---|---|
| 60H0J2B | PSK31 |
| 100HN0N | Speed Radar (10525 MHz X band; 24150 MHz Ka band) |
| 150HA1A | Continuous Wave Telegraphy (manually read Morse Code) |
| 500HJ2D | MT63-500 50 WPM |
| 500HXXA | Dual carrier NDB (non-directional beacon) with 400 Hz modulation |
| 800HA2A | Single carrier NDB (non-directional beacon) with 400 Hz modulation |
| 1K00J2D | MT63-1000 100 WPM |
| 1K12XXA | Dual carrier NDB (non-directional beacon) with 1020 Hz modulation |
| 2K00J2D | MT63-2000 200 WPM |
| 2K04A3A | Single carrier NDB (non-directional beacon) with 1020 Hz modulation |
| 2K80J2B | HF RTTY (Radio Teletype) |
| 2K80J2D | HF PACTOR-III |
| 2K80J3E | Amplitude modulated (AM) analog voice, single sideband suppressed carrier (USB or LSB, not at the same time) |
| 3K00H2B | HF ALE MIL-STD-188-141A/FED-STD-1045 |
| 3K30F1D | 6.25 kHz SCADA link (CalAmp Viper SC – 173 MHz) |
| 4K00F1D | NXDN 6.25 kHz data (IDAS, NEXEDGE) |
| 4K00F1E | NXDN 6.25 kHz digital voice (IDAS, NEXEDGE) |
| 4K00F1W | NXDN 6.25 kHz digital voice and data (IDAS, NEXEDGE) |
| 4K00F2D | NXDN 6.25 kHz analog FM CW ID (IDAS, NEXEDGE) |
| 4K00J1D | Amplitude Compandored Sideband (pilot tone/carrier) |
| 4K00J2D | Amplitude Compandored Sideband (pilot tone/carrier) |
| 4K00J3E | Amplitude Compandored Sideband (pilot tone/carrier) voice |
| 5K60F2D | SCADA |
| 5K76G1E | P25 CQPSK voice (typically used for simulcast systems – this is NOT P25 Phase II) |
| 6K00A3E | Amplitude modulated (AM) analog voice, double sideband full carrier (AM mode in RadioReference.com Database) |
| 6K00F1D | SCADA Carrier Frequency Shift Keying |
| 6K00F2D | SCADA Audio Frequency Shift Keying |
| 6K00F3D | SCADA Analog data that is not AFSK (variable tone, DTMF, etc.) |
| 6K50F1D | SCADA/Data 4.8 GFSK in 12.5 kHz channelspace (LMR use by CalFire for AVL) |
| 7K60FXD | 2-slot DMR (Motorola MOTOTRBO) TDMA data |
| 7K60FXE | 2-slot DMR (Motorola MOTOTRBO) TDMA voice |
| 7K60FXW | 2-slot DMR (Motorola MOTOTRBO) TDMA data + voice |
| 8K00F1D | P25 Phase I C4FM data |
| 8K10DXW | P25 Phase II 4 Level H-CPM Data/Voice (Harmonized Continuous Phase Modulation – H-CPM) |
| 8K10F1D | P25 Phase I C4FM data |
| 8K10F1E | P25 Phase I C4FM voice (P25 mode in RadioReference.com Database) |
| 8K10F1W | P25 Phase II subscriber units (Harmonized Continuous Phase Modulation – H-CPM) |
| 8K30F1D | NXDN 12.5 kHz data (Wide IDAS, NEXEDGE) |
| 8K30F1E | NXDN 12.5 kHz digital voice (Wide IDAS, NEXEDGE) |
| 8K30F1W | P25 Phase I C4FM hybridized voice and data applications (most commonly seen on trunked licenses) |
| 8K30F7W | NXDN 12.5 kHz digital voice and data (Wide IDAS, NEXEDGE) |
| 8K40F1D | P25 Phase I (4 Level C4FM Data) |
| 8K40F1E | P25 Phase I (4 Level C4FM Voice) |
| 8K40F9W | Harris OpenSky (NPSPAC - 4 slot Data/Voice) |
| 8K50F9W | Harris OpenSky (2 slot narrowband) |
| 8K70D1W | P25 Linear Simulcast Modulation ASTRO (9.6 kbps in 12.5 kHz channelspace) |
| 9K20F2D | Zetron-based alphanumeric paging/alerting system (seen in practice using Daniels base stations) |
| 9K30F1D | SCADA/ Remote Control |
| 9K36F7W | Yaesu System Fusion C4FM (Voice Wide * Voice Narrow + Data * Data Wide) |
| 9K70F1D | P25 Linear Simulcast Modulation “WCQPSK” data (per Harris MASTR-V literature) |
| 9K70F1E | P25 Linear Simulcast Modulation “WCQPSK” voice (per Harris MASTR-V literature) |
| 9K70D1W | P25 Linear Simulcast Modulation “WCQPSK” voice (per Harris MASTR-V literature) |
| 9K80D7W | P25 Phase II fixed-end 2-slot TDMA (Harmonized Differential Quadrature Phase Shift Keyed modulation – H-DQPSK), per Motorola literature |
| 9K80F1D | P25 Phase II fixed-end 2-slot TDMA H-DQPSK data, per Harris MASTR-V literature |
| 9K80F1E | P25 Phase II fixed-end 2-slot TDMA H-DQPSK voice (interpolation of MASTR-V literature) |
| 10K0F1D | LTI Automated Vehicle Location (AVL) system - LT6 Radio Modem |
| 10K0F1D | RD-LAP 9.6 kbps data on narrowband channel |
| 10K0F1D * | Motorola Widepulse ASTRO simulcast data |
| 10K0F1D * | Motorola Widepulse ASTRO simulcast control channel |
| 10K0F1E * | Motorola Widepulse ASTRO simulcast voice |
| 11K0F1D | Narrowband data, type of data not specified |
| 11K0F3E | Narrowband analog voice, considered by the FCC to be identical to 11K2F3E |
| 11K2F1D | POCSAG paging (narrowbanded, i.e., Swissphone alerting) |
| 11K2F2D | Frequency modulated (FM) 2.5 kHz deviation audio frequency shift keying within a 12.5 kHz channelspace (commonly used for 1.2 kbps packet, FFSK station alerting, and AFSK outdoor warning siren signaling) |
| 11K2F3D | Frequency modulated (FM) 2.5 kHz deviation DTMF or other audible, non-frequency shift signaling, such as Whelen outdoor warning sirens or “Knox-Box®” activation |
| 11K2F3E | Frequency modulated (FM) 2.5 kHz deviation analog voice, 'narrowband 12.5 kHz' (FMN mode in RadioReference.com Database) - may also be 11K0 and 11K3 bandwidth |
| 11K2F9W | Formerly and incorrectly used as a catch-all narrowband emission for analog and digital use. Each appropriate emission should be listed discretely. |
| 12K1F9W | Harris OpenSky (NPSPAC - 4 slot Data/Voice) |
| 13K1F9W | Harris OpenSky (SMR - 4 slot) |
| 13K6F3E | Frequency modulated (FM) analog voice, 3.8 kHz deviation (900 MHz) |
| 13K6W7W | Motorola iDEN (900 MHz) |
| 14K0F1D | Motorola 3600 baud trunked control channel (NPSPAC) |
| 14K0F3E | EDACS Analog Voice (NPSPAC) |
| 15K4F9W | Harris OpenSky (SMR - 4 slot Data/Voice) |
| 16K0F1D * | Motorola 3600 baud trunked control channel |
| 16K0F2D * | 4 kHz deviation FM audio frequency shift keying (72 MHz fire alarm boxes) |
| 16K0F3E * | Frequency modulated (FM) analog voice, 4 kHz deviation (NPSPAC); (FM mode in RadioReference.com Database) |
| 16K0G1D | EPIRB (406 MHz) |
| 16K8F1E * | Encrypted Quantized Voice (Motorola DVP, DES, DES-XL on NPSPAC) |
| 17K7D7D | Motorola HPD High Performance Data – “Astro 25' suite, as Motorola HAI (High performance data Air Interface) – 700/800 MHz – requires 25 kHz channelspace |
| 20K0D1E | Reduced power TETRA – PowerTrunk 4/TDMA fixed-end (voice) |
| 20K0D1W | Reduced power TETRA – PowerTrunk 4/TDMA fixed-end (simultaneous mixed modes) |
| 20K0D7D | Reduced power TETRA (data) |
| 20K0D7E | Reduced power TETRA (voice) |
| 20K0D7W | Reduced power TETRA (simultaneous mixed modes) |
| 20K0F1D | RD-LAP 19.2 kbps within a wideband channel (2013 compliant, meets data throughput requirement) |
| 20K0F1E * | Encrypted Quantized Voice (Motorola DVP, DES, DES-XL - NOT P25 DES-OFB/AES) |
| 20K0F3D * | Frequency modulated (FM) 5 kHz deviation DTMF or other audible, non-frequency shift signaling, such as Whelen outdoor warning sirens or “Knox-Box®” activation |
| 20K0F3E * | Frequency modulated (FM) analog voice, 5 kHz deviation; 'wideband 25 kHz' (FM mode in RadioReference.com Database) |
| 20K0G7W | Motorola iDEN (800 MHz) |
| 20K0W7W | Motorola iDEN (800 MHz) |
| 20K0F9W | A 'catch-all' designator originally intended for a number of simultaneous emissions, but has been misused as a single designator to indicate multiple types of operation. |
| 20K1D1D | Reduced power TETRA – PowerTrunk 4/TDMA fixed-end (data) |
| 21K0D1W | TETRA ETS 300 392 Standard |
| 22K0D7D | TETRA (data) |
| 22K0D7E | TETRA (voice) |
| 22K0D7W | TETRA (simultaneous mixed modes) |
| 22K0DXW | TETRA Subscriber Units (mobiles and control stations) |
| 30K0DXW | TDMA Cellular (North America) |
| 40K0F8W | AMPS Cellular |
| 41K7Q7W | Iridium satellite terminals (1.616-1.626 GHz) |
| 41K7V7W | Iridium satellite terminals (1.616-1.626 GHz) |
| 55K0P0N | CODAR oceanographic RADAR (swooping signals on HF with approx. 1 second sweep time) 3.5 - 5 MHz |
| 100KC3F | ReconRobotics surveillance robot video (430-450 MHz) |
| 100KP0N | CODAR oceanographic RADAR (swooping signals on HF with approx. 1 second sweep time) 12 - 14 MHz |
| 170KP0N | CODAR oceanographic RADAR above 24 MHz |
| 200KF8E | Broadcast FM with Subsidiary Communications Subcarrier |
| 250KF3E | Television Broadcast Audio (NTSC analog) |
| 300KG7W | EDGE (Enhanced Data rates for GSM Evolution) |
| 300KGXW | GSM Cellular |
| 500KD7W | Broadcast Radio Digital Studio to Transmitter Link 2048 kbps 32 QAM |
| 500KF8W | Broadcast Radio Analog Studio to Transmitter Link |
| 1M25F9W | CDMA Cellular |
| 2M40W7D | Remote Control Video (digital, non-NTSC) |
| 3M00W7W | SouthernLinc LTE (all four emissions used) 3 MHz bandwidth |
| 5M00G7D | Public Safety LTE (all four emissions used) 5 MHz bandwidth |
| 5M00W7W | Public Safety LTE (all four emissions used) 5 MHz bandwidth |
| 5M00G2D | Public Safety LTE (all four emissions used) 5 MHz bandwidth |
| 5M00D7D | Public Safety LTE (all four emissions used) 5 MHz bandwidth |
| 5M75C3F | Television, NTSC analog video (with 250K0F3E aural carrier) |
| 6M00C7W | Television, ATSC Digital TV (video and audio) |
| 10M0G2D | Public Safety LTE (all four emissions used) 10 MHz bandwidth |
| 10M0W7W | Public Safety LTE (all four emissions used) 10 MHz bandwidth |
| 10M0D7D | Public Safety LTE (all four emissions used) 10 MHz bandwidth |
| 10M0G7D | Public Safety LTE (all four emissions used) 10 MHz bandwidth |
| 30M0D7W | Microwave Link Transmitter using 2048 QAM in 30 MHz bandwidth |
| 42M6D7W | Microwave Link Transmitter QPSK |
| 45M2D7W | Microwave Link Transmitter 16 QAM 45 MHz |
| 45M8D7W | Microwave Link Transmitter 32 QAM 45 MHz |
| 45M8D7W | Microwave Link Transmitter 64 QAM 45 MHz |
| 47M8D7W | Microwave Link Transmitter 128 QAM 47 MHz |
| 47M1D7W | Microwave Link Transmitter 256 QAM 47 MHz |
* When used between 136 - 470 MHz in Part 90 use, this technology is not compliant with 2013 narrowbanding requirements and must be discontinued by January 1, 2013. As of January 1, 2011, this emission may no longer be applied for between 136 - 470 MHz in Part 90 use, unless it fits within the existing contours of an already licensed system. These emissions may not appear on a new license or be used to extend the footprint of an already licensed wideband system beyond what existed prior to January 1, 2011.
VHF Low Band has not been required to narrowband. A 20K0 emission bandwidth continues to be acceptable for nearly all uses.
Note that an emission designator identifies the characteristics of the signal and is not unique to only one type of technology or manufacturer. More than one type of deployed technology may use the same emission designator.
An editor of this wiki cautions that this guide should not be used by any party as the sole means to qualify or disqualify a license application. THERE IS NO 'RIGHT' OR 'OFFICIAL' EMISSION DESIGNATOR SPECIFIED BY THE FCC. The reader should not construe that because it's not on this list that it is wrong. This wiki is a reference document, not a directing document.
Use of F9W Suffix
Some license application preparers have used the suffix F9W to indicate that multiple different emissions within the specified bandwidth are possible. This simplifies filling information into the FCC 601 form, but does not reflect each specific modulation type. For example, 11K2F9W may indicate that the system toggles between narrowband analog voice and P25 (or some other) digital emission, but not at the same time. A strict interpretation of ITU emissions indicates that the F9W suffix is both analog and digital simultaneously, and is therefore incorrect. A properly completed 601 form should itemize each discrete emission intended so the technologies used may be easily identified.
See Full List On Wiki.radioreference.com
The exception to using F9W is Harris OpenSky, which has been certificated by the FCC as F9W, although F7W may be better descriptive.
Related Wiki Articles
