[time-nuts] GPS Spoofing
jfor at quikus.com
Sun Jul 28 15:54:56 EDT 2013
Not so at all.
What I described is a simple means to make a receiver see different GRIs
and TDs than what it might see off the air. The system can accurately set
any GRI in 1 uS increments and any one of several TDs to 1 uS also. That
is hardly a jammer.
Furthermore, if the Tek DD501s were replaced by something like BNC
programmable Digital Delays, you could change the received position over
> I've just been catching up on this thread.
> The subject says GPS Spoofing, but most of the replies seem to revolve
> around jamming. Not the same thing.
> Just a thought...
> -----Original Message-----
> From: time-nuts-bounces at febo.com [mailto:time-nuts-bounces at febo.com] On
> Behalf Of J. Forster
> Sent: 28 July 2013 20:06
> To: Discussion of precise time and frequency measurement
> Subject: Re: [time-nuts] GPS Spoofing
> The point about the duty cycle being low is correct. And, there are
> commercial linear power amps, like the used ones made by ENI and others,
> that can easily put out 1 kW plus narrow pulses.
> Furthermore, the pulse generator is trivial to make with a Rb, 3 or more
> Tektronix DD501s, a simple OR gate and a gated oscillator at about 100
> I've cobbled up that setup several times as a LORAN-A simulator.
> The main difficulty is getting a reasonable match to an efficient antenna
> 100 kHz.
>> Since it's a pulse system, and you get to position your pulse for
>> maximum effect, I don't see any reason to generate CW power. Simply
>> mimic the lowest power slave in the chain. There's very little
>> redundancy with Loran, so spoofing one station will mess it up. No
>> need to mask the entire chain. At most you would need to hit two low
>> Math wise:
>> Wavelength is 10,000 ft / 3,000M. Throw things off by ~10% of that and
>> you have problems in a harbor. You would need to play a bit to see
>> weather a pulse every so often does the trick or not. Is that 20 db
>> below the slave or not ? You'd have to play with it. It's in that
>> range. A spoof that says they are on the other side of the world isn't
>> going to work. One that says you are on the north side of the channel
>> (when you are on the south side) is what would work.
>> Power within a pulse set at a 5:1 duty cycle. For a 50,000 us GRI you
>> have another 50:1. For longer GRI's you might add another 2:1. Net is
>> a peak to average ratio of 250-1000 to 1. Put another way, a 500W
>> pulse is ~
>> 1 average.
>> Power at 100 KHz = what's in a fairly cheap switching power supply.
>> Plug it into the wall. A couple hundred watts (or even KW) pulse is
>> cheap. Say you have 120W out of the wall (or a car battery). If the
>> math above is correct and you can run 80% efficiency, that's a pretty
> powerful pulse.
>> It's probably cheaper to generate something at 50:1 rather than the
>> > 200:1. A 5KW is a *lot* of RF, even into a simple antenna.
>> Antenna - there's a couple ways to do that. All of them are tradeoffs
>> (size / cost / power). The cheap way is to use a wire that's already
>> there.. Since you don't need to propagate (near field), the antenna
>> efficiency could be higher than you would think for some antennas.
>> Is it easier than that with some smarts involved in the pulse -
>> probably yes. Do the smarts raise the hardware cost significantly? -
>> you'd have to build a few and find out. What really drives this or
>> that Loran receiver nuts? I'm quite sure you could work that out with
> to play with.
>> Am I gong into the Loran-C jammer business? No, so don't contact me
>> off list to buy one. The point is not *have* I built one, but could
>> one be built easily.
>> On Jul 28, 2013, at 1:29 PM, "Poul-Henning Kamp" <phk at phk.freebsd.dk>
>>> In message <DAB33AEF-98EF-4503-89A7-657F0D25AC48 at rtty.us>, Bob Camp
>>>> I'm not talking about taking out Loran-C over the entire North
>>>> The target is a harbor sized area. For that, you certainly do not
>>>> need a 600' antenna or megawatts of power.
>>> No, you need about 600W (continuous) and a loop-antenna about 5m in
>>> Do the math, It's not as easy as you think.
>>> Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
>>> phk at FreeBSD.ORG | TCP/IP since RFC 956
>>> FreeBSD committer | BSD since 4.3-tahoe
>>> Never attribute to malice what can adequately be explained by
>> time-nuts mailing list -- time-nuts at febo.com To unsubscribe, go to
>> and follow the instructions there.
> time-nuts mailing list -- time-nuts at febo.com To unsubscribe, go to
> and follow the instructions there.
More information about the time-nuts