DecodingLora

From RevSpace
Revision as of 11:38, 12 January 2016 by Bertrik Sikken (talk | contribs) (Add project picture)
Jump to navigation Jump to search
Project DecodingLora
DecodingLora Project.jpg
Status Initializing
Contact bertrik
Last Update 2016-01-12

This page is about understanding the LoRa RF modulation format.

LoRa is an abbreviation of Long Range, meaning it is an radio modulation format that gives longer range than straight FSK modulation. This is achieved by a combination of methods: it uses a spread spectrum technique called Chirp Spread Spectrum (CSS) and it uses forward error coding (in combination with whitening and interleaving).

To transmit or receive LoRa signals, you need to buy hardware that supports this modulation format.

The goal of this project is to collect more detailed information on the LoRa modulation and packet format. A concrete result could be that someone writes software which makes it possible to receive and decode LoRa signals with a cheap software defined radio, like rtlsdr.


Modulation basics

The LoRa modulation appears to be defined by the following parameters:

  • the bandwidth BW, meaning the difference in minimum and maximum frequency
  • the spreading factor SF, this is a measure for the number of bits encoded per symbol
  • the coding rate CR, this is a measure for the amount of forward error correction

On the air I have seen the following waveforms:

  • a series of up-chirps at the start of a message (preamble)
  • two down-chirps at the end of the preamble (sync-pattern)
  • data-chirps, these consist only of up-chirps (like the preamble), but with a jump in the "phase"/timing of the chirp. The frequency shift of this jump likely encodes one symbol representing several data bits (SF bits per symbol).

One symbol has a length in time of (2^SF)/BW. Chirps seem to have a constant chirp rate for a specific modulation setting, both when going up and down. When the frequency of a chirp reaches the end of the band, it "wraps around" to the other side. One chirp nominally covers the entire bandwidth BW once during one symbol time.

Investigation

Gqrx bw0 cr2 sf12.png

The image on the right shows the LoRa spectrogram for a short message as recorded by gqrx, when sending a 1-byte payload (with settings SF=12,BW=8,CR=4/8, implicit header). At the bottom of the spectrogram you can see the preamble consisting of 10 up-chirps and 2 down-chirps. At the top of the spectrogram you see the data portion of the signal, consisting solely of up-chirps.

Since the LoRa signal is basically a single carrier being swept over a certain bandwidth in a specific way, it is possible to recover the frequency by FM demodulation of the signal generated by a Semtech chip, in my case from a hoperf RFM95 module. This allows for a more compact representation of the signal for analysis.

Audacity bw0 cr4 sf8.png

The image on the left shows the audio captured in audacity from an FM-demodulated LoRa-signal (with settings BW=8kHz, CR=4/8, SF=8, implicit mode, 1-byte payload).

On the top of the image the signal is shown when the payload is 0x00. On the bottom of the image the signal is shown when the payload is 0xFF. In the highlighted area, some differences can be seen between the FM-waveforms.

Some experimentation shows that when the preamble length n is set to 0 through the register interface, we still see 2 up-chirps and 2 down-chirps (plus 1/4th of a up-chirp) in the preamble on-air. This is consistent with the preamble timing formula in the datasheet, which states that the preamble is (n + 4.25) symbols long.

Recordings

See here for some IQ recordings of the LoRa signal.

The filenames contain a code for the LoRa modulation setting which was used for each recording. This should mostly be obvious. For example, a postfix of BW21CR48SF6PL64x00 means the following:

  • BW21: Bandwidth is approximately 21 kHz (20.8 actually)
  • CR48: Code rate is 4/8
  • SF6: Spreading factor is 6
  • PL64x00: Payload is 64 bytes of 0x00

The files were recorded on ms windows using sdr# v1.0.0.1111 at a sample rate of 1024 kHz.

External links