Towers of Power: prototype components

Scanning frequencies

The perl scanning script required Net::Telnet, which we realized when we finally specified the command. We defined a csv file with the frequencies we want to scan–then by specifying the path to the file and running the code below, the gqrx scan script finds the frequency with the most activity and records when the signal strength surpasses a certain level. We allowed more noise in gqrx than we defined in gqrx-scan (so a recording is harder to trigger). Still, we noticed that we occasionally just get recordings of static. Also, moving the SDR seems to affect the levels.

$ perl gqrx-scan --type file --pause 2 --delaylevel=-34 --delaytime 5 --record --monitor


Used the virtualenv instructions from surveillance & society class last semester. I think Twilio’s documentation might be out of date. I started following their instructions at the requirements.txt section.

Started sample code for simply sending an SMS and experimented with triggers that Twilio already had examples for (sends administrators a text when you hit an error page). To demonstrate how our app would function, we want to try to send a text when a file is saved (to the pi, or to the server, for example).

Prototype progress

We think a fully working prototype will incorporate all of these elements:

SDR with Raspberry pi -> scan with gqrx scan -> digital speech decoder -> output file -> incron job  -> if new file, then trigger twilio

We are working to get as many of these components working on Raspberry Pi as possible, to be able to demonstrate how it would work.
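The last two stages of the chain above (incron job, then Twilio) could look like the following. This is an added sketch, not code from the original post: the script name, the directory in the incrontab comment, the environment variable names and the two-second threshold are all assumptions.

```python
# Hypothetical incrontab entry (paths are placeholders); IN_CLOSE_WRITE fires
# once the writer closes the file, so the recording is complete:
#   /home/pi/recordings IN_CLOSE_WRITE /usr/bin/python3 /home/pi/notify_new_file.py $@/$#
import os
import sys
import wave

MIN_SECONDS = 2.0  # assumed threshold: shorter clips are treated as false triggers

def recording_seconds(path):
    """Length of a WAV recording in seconds."""
    with wave.open(path, "rb") as wav:
        return wav.getnframes() / float(wav.getframerate())

def build_alert(path, min_seconds=MIN_SECONDS):
    """Return the SMS text for a finished recording, or None to stay silent."""
    if not path.lower().endswith(".wav"):
        return None
    try:
        seconds = recording_seconds(path)
    except (wave.Error, EOFError, OSError):
        return None  # truncated or unreadable file
    if seconds < min_seconds:
        return None
    return "New recording: %s (%.1f s)" % (os.path.basename(path), seconds)

def send_sms(body):
    """Send one SMS through Twilio; credentials stay out of the source file."""
    from twilio.rest import Client  # imported here so the checks above run without it
    client = Client(os.environ["TWILIO_ACCOUNT_SID"], os.environ["TWILIO_AUTH_TOKEN"])
    message = client.messages.create(
        body=body, from_=os.environ["TWILIO_FROM"], to=os.environ["ALERT_TO"])
    return message.sid

def handle(path, sender=send_sms):
    """Entry point for incron: True if an alert was sent for this file."""
    body = build_alert(path)
    if body is None:
        return False
    sender(body)
    return True

if __name__ == "__main__":
    handle(sys.argv[1])
```

If the incron environment does not carry the four variables, set them in a small wrapper script that is readable only by the account running the job.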

Final updates

For the final, Marco, Dorothy and I are going to work on demodulating frequencies that use APCO Project 25. We’d like to see if we can decipher (1) whether communication is occurring and potentially (2) the information being transmitted. We’re not sure if communications might be encrypted but this itself might be useful information. If we have time we’d also like to build a tool that could send relevant information gleaned to affected parties.

The RTL-SDR tutorial I found before last class ended up being a pretty good one for pointing us in the right direction. We’re not using SDRSharp but we found this pretty detailed tutorial for how to use digital speech decoder (DSD) using GQRX. They also have a github. We were able to get as far as piping audio over UDP. After installing DSD, alsa-oss, and socat, you can display and set the port audio devices for dsd (we used 5 because this was our default; in the tutorial he used 11):

$ ./dsd -a

$ ./dsd -i pa:5 -o pa:5

Then we could get hex output, using this command:

$ socat stdout udp-listen:7355 | xxd

I think piping in audio through dsd is just a matter of changing the command to which the audio is getting piped, but when I tried this with a signal gqrx froze (example code below is saving output to a .wav file). I wonder if it will be a problem doing this in real time? Still, right now I think we are just trying to get enough P25 signal to play with. Another question I have is whether the mode we’re using to record/pipe audio will matter once we pass it through DSD?

$ socat stdout udp-listen:7355 | ./dsd -i - -w dsd_output.wav

We are using a linux laptop while we figure these pieces out. In an ideal deployment we also don’t want a human to have to listen constantly, so Dhruv pointed us to gqrx-scan to automate this piece, which will allow us to record and hopefully automate a response as much as possible when there is a signal. Assuming this all goes smoothly, we will create a prototype using Raspberry Pi that we could sell/deploy to various areas.

Frequencies for testing P25 decoding

NYC, National

SDR, digital voice & P25

This week we used our SDRs and gqrx to listen to different frequencies. There’s some playing around required with squelch and gain before you can actually listen to something. I looked at radio reference to find radio frequencies used for communications in NYC. These communications happen on narrow FM. If you type in the frequency and then move the red receiver bar around, you can listen in on some usually mundane but sometimes funny or interesting stuff. I wondered whether the “hardware freq,” which shows up under “receiver options” and changes when you match the red receiver bar up with where you see information on the waterfall, was supposed to match up with the publicly available frequency? Are these just separate channels?

I found a number of organizations’ communications frequencies are publicly available, but often the “mode” they use is P25 “a digital voice specification used by first responders worldwide” according to this person on youtube. Tuning in to the frequencies posted publicly, it was clear the transmissions I was hearing sounded like those demonstrated in the youtube video, which made me hopeful that I had at least identified them correctly.

After doing some research I found that there’s an open source software project, OP25, that can demodulate these communications.

Going to try and get OP25 working in VirtualBox so we can play with OP25 even on a Windoze system. Here’s the general plan:

1. Install Ubuntu on Virtual Box
2. Install GNU Radio
3. Install OP25
4. Plug in my RTL SDR dongle, configure OP25 accordingly and see if it works.

From the radio reference forum.

I tried downloading OP25 using their installation instructions, but I couldn’t launch gnuradio by typing gnuradio into terminal which had me stumped for a while. I tried downloading gnuradio from their site, which was perhaps unnecessary, before coming to the understanding that gnuradio doesn’t have a gui interface–to open something resembling the gui interface I had seen in the videos/tutorials I actually had to enter: $ gnuradio-companion. This seems like a non-trivial point! It’s important to know what a thing is, not just that you “need” it:

It’s extremely useful. However, there are ways to use GNU Radio without being able to code. First, there’s the GNU Radio Companion, a graphical user interface similar to Simulink. It allows you to create signal processing applications by drag-and-drop. Also, GNU Radio comes with a set of ready-to-use tools and utility programs. These serve to manage the most basic operations, such as recording RF signals and performing spectrum analysis. If this has sparked your interest, perhaps have a look at the beginner’s guide how to use GNU Radio.

If you want to extend GNU Radio (i.e., add new functionality), however, then you must write code. For creating applications that are too complex for the GNU Radio Companion, Python is the easiest way to go. For performance-critical code, you should write C++ code.

From the GNU Radio wiki 

Once opened, I realized I had to write a “flow”/program and got stuck. There are tutorials so perhaps I will be able to write a functional program soon.

After all of this and ubuntu yelling at me because I only had 200mb of memory left on my virtual box, I realized also has a tutorial on decoding digital voice, which was very helpful in understanding more broadly what P25 effectively is, and the different ways of listening to any “unencrypted digital radio voice conversations.” The tools they suggest are: RTL-SDR software defined radio combined with SDRSharp and a program called “digital speech decoder” (DSD). They also note “The most common digital speech codec is APCO P25, which DSD is able to decode,” and, regarding encryption: “most users of digital radio do not bother to encrypt their systems as it can introduce lag, monetary expense and extra battery drain in portable radios.”

I’m not sure if this second method is a better solution?

Built to Last: ch.3-4 response

I used to think I didn’t understand the motivation of for-profit companies, but now I think I understand it even less. If part of what makes a company ‘visionary’ is its pursuit of varied goals and ideals, then what’s the point of being for-profit? I understand that making money is important for the continued existence of a company, for it to invest in its development, guiding, and for it to pursue its main purpose while maintaining its foundational principles, but don’t non-profits also do this? And aren’t non-profits even better positioned to re-invest any profit rather than having to give it away? If the point is to get initial investment funds, wouldn’t the leaders of a company want to buy out the shareholders whose sole interest is continued interest? I didn’t study business and have always viewed money as simply a means to an end, so I’m probably missing something. But then Packard said “Profit is not the proper end and aim of managements–it is what makes all of the proper ends and aim possible” so maybe I’m not. I realize there are probably a number of accounting/practical differences between the two so I wonder what goes into the calculation of being either. Anyway, if a for-profit structure was imposed upon me I think I’d try to keep shareholder influence to a minimum at most.

I liked this formula, where core values are “a sound set of [authentic] beliefs on which it premises all its policies and actions”, and purpose is “the set of fundamental reasons for a company’s existence beyond just making money”:

Core Ideology = Core Values + Purpose

Chapter 4 expanded on the book’s core thesis, that visionary companies “preserve the core” while they simultaneously “stimulate progress.” They explain “A visionary company protects its core ideology, yet all the specific manifestations of its core ideology must be open for change and evolution.” I couldn’t help but think these qualities could define a person as easily as an organization, and so this made a lot of intuitive sense.


This week we made a device a client of the Towers of Power VPN–I used the virtual box we set up last week. Downloading openvpn and running the ssh server were pretty straightforward. The ps command allows you to see a snapshot of current processes.

After creating the client.conf file and leaving my cert and key lines blank, I thought I’d need to generate these using easy-rsa. I downloaded this, since it didn’t come with the version of OpenVPN I installed, and spent a lot of time trying to figure out how to generate keys this way. Luckily Sharif saved me from my descent down this path–it seems like the cert and key information was just our netid’s! Then we could SSH into the server using the instructions on the Towers of Power github.

Then, you can log in from the client machine and scp the appropriate files from the server to the client. I also confirmed tun0 was open using the ifconfig command.

Built to Last: ch.1-2 response

It was interesting to reflect on the take-aways presented in the first chapters of Built to Last that apply to any organization. This weekend I was thinking about the non-profit organizations at which I’ve worked, faith in U.S. government institutions (I was amused that the U.S. government’s founding was brought up as an example), and non-state groups and movements. We are in a school that emphasizes technology, and of course there are implications for the entrepreneur building a more traditional company.

Last year during NYC Media Lab’s conference, there was a speaker addressing how to keep a company relevant in a rapidly changing technological climate. I remember thinking, why should companies endure indefinitely? Maybe a company should do one thing well and when that thing becomes irrelevant, it should die so something else can take its place. Built to Last suggests a shift in thinking that focuses not on a particular product, instead emphasizing the processes and cultures in place that allow whatever its current goals are to be realized, and realized well. In order to assess the uniqueness of companies that have been able to “transcend dependence on the original visionary founders” the authors selected a sample of “premier institutions” that are “widely admired,” that have had an “indelible imprint” on the world, “multiple generations of chief executives,” “multiple product/service lifecycles” and that were “founded before 1950,” as well as a set of comparison companies. Chapter one lays out the methodological rigor of their study while chapter two expands on one key quality of the founders of visionary companies: they were “clock-builders” rather than “time-tellers.” They built an organization that could “tell time,” or do whatever it was they did well, even after they were no longer leaders of their companies.

I’m currently working at a company where we have a lot of discussions about how we see our work affecting the world and how we can use a clear understanding of our mission to be more strategic. Something we’ve stated less explicitly, but that has come out of these discussions and that chapter two allowed me to identify, is the values we all share. They underlie everything else. I think they are aligned and consistent across the organization but I’m not sure I thought of them as “core.” Now I wonder how I can create processes that reflect these core values and outlast me. It’s a new frame with which to evaluate leadership at the organization as well.

The authors asserted the United States needs to “gain a better understanding of our enduring core purpose” which pushed me to further evaluate the usefulness of this paradigm. Not to oversimplify the current democratic crisis in the United States, but it does seem as though there’s a fundamental disagreement about the core purpose of this country, and moreover, who has a valid voice in defining this. This frame also seems useful in evaluating social movements: for example, the Black Lives Matter movement now seems to be much less centrally governed than civil rights movements in the past, but has a very clear core purpose and this is part of what makes it so powerful. Last, I think it’s useful in understanding the persistence of certain groups and ideas that strike terror: for example white supremacy and nazism in the West, and radical Islamic groups in the Middle East and North Africa. Again, while these groups have a leadership structure, vanquishing them requires much more than simply eliminating leaders likely in part because there is that strong and well-defined core purpose.

Finding IMSI and IMEI numbers

We were tasked this week with finding our phones’ IMSI and IMEI numbers. In researching how to find these, I came across how-to’s that mentioned several other kinds of numbers. Quora helped me clarify exactly what I was looking for:


International Mobile Subscriber Identity. This is a unique identifier that defines a subscriber in the wireless world, including the country and mobile network to which the subscriber belongs. It has the format MCC-MNC-MSIN. MCC = Mobile Country Code (e.g. 310 for USA); MNC = Mobile Network Code (e.g. 410 for AT&T), MSIN = sequential serial number. All signaling and messaging in GSM and UMTS networks uses the IMSI as the primary identifier of a subscriber.
The IMSI is one of the pieces of information stored on a SIM card.


IMEI is short for International Mobile Equipment Identity and is a unique number given to every single mobile phone, typically found behind the battery.

I have an iPhone, so I found my phone’s IMEI number by going to “Settings” then “General” then “About.”

Finding my IMSI was more complicated. Instructions I found indicated “In order to find your IMSI you must have a jailbroken and activated iPhone. Otherwise your attempts will fail,” and my iPhone is not jailbroken. I found an Apple thread that suggested I could use a SIM card reader (these do not seem easy to find but I’d be happy to know where to find one). Finally, I found instructions for displaying IMSI when you dial “* # 0 6 #” which did display a number! The same site seemed to be saying the IMSI and IMEI/MEID codes were functionally equivalent numbers for Android and iPhone, respectively, but I’m not sure if that’s right. If it is, I’m not sure what number I got to display.
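The two number formats can be told apart programmatically. The sketch below is an added example, not part of the original post: it splits a number along the MCC-MNC-MSIN layout quoted above and tests whether the last digit is a valid Luhn check digit, which a 15-digit IMEI carries and an IMSI does not. The table of 3-digit-MNC countries holds only the post's US example, and the function names are assumptions.

```python
import re

# MCCs whose networks use 3-digit MNCs. Only the page's US example (310) is
# listed here; other countries need a real MCC/MNC table (assumption).
THREE_DIGIT_MNC_MCCS = {"310"}

def luhn_valid(digits):
    """True if the final digit is a correct Luhn check digit for the rest."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def parse_imsi(number):
    """Split an IMSI into the MCC, MNC and MSIN fields."""
    if not re.fullmatch(r"[0-9]{1,15}", number):
        raise ValueError("an IMSI is at most 15 decimal digits")
    mcc = number[:3]
    mnc_len = 3 if mcc in THREE_DIGIT_MNC_MCCS else 2
    if len(number) <= 3 + mnc_len:
        raise ValueError("too short to contain MCC, MNC and MSIN")
    return {"mcc": mcc, "mnc": number[3:3 + mnc_len], "msin": number[3 + mnc_len:]}

def describe(raw):
    """Report both readings of a number as typed or shown on a phone screen."""
    number = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"[0-9]+", number):
        raise ValueError("expected digits, spaces or hyphens only")
    return {
        # A failed check rules out a valid IMEI; a pass is only consistent with one.
        "imei_check_digit_ok": len(number) == 15 and luhn_valid(number),
        "as_imsi": parse_imsi(number) if len(number) <= 15 else None,
    }

if __name__ == "__main__":
    # Constructed sample values, not real subscriber or device identifiers.
    print(describe("310410123456789"))     # MCC 310, MNC 410, as in the quote above
    print(describe("49-015420-323751-8"))  # 15 digits with a valid check digit
```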