In the “Init position” tab, you can configure the connection to the UBLOX receiver for getting the current coordinates, accuracy, as well as time, and information about the satellites being observed.

Once the current time is determined, you can download the Ephemeris and Almanac files.

The “USRP” tab provides the following settings/adjustments:

• USRP name - the name of your USPR board that you preset in NI-USRP Configuration Utility;
• IQ Rate - IQ sample rate. The minimal value is “1.5 MH.” The maximal value is “5 MHz.” The higher the value you input, the more CPU on your computer devices is used/loaded;
• 10 MHz Ref - The source of “10 MHz” reference frequency: External or GPSDO. In the cases when you work with antennas, GPSDO on your USRP board will be spoofed, so you need to use external high quality reference source;
• Spoofing mode - Asynchronous or Synchronous. To learn more, read our article about different types of spoofing;
• Start delay, s - Generation start offset for synchronous mode. Can be used to study the required accuracy of signal synchronization;
• Conducted connection flag - Should be set in case you use cable connection to the DUT. In case you work with an antenna, do not uncheck the corresponding box;
• Opened flag - Displayed in case of successful USRP initialization;
• GPS locked flag - Displayed in case of successful USRP GPSDO 3D-fix. If the corresponding flag is set, only synchronous generation is available;
• Cable Length, m - The total length of all applied cables. Used for calculating the Total Path Gain;
• USRP Cal Factor, dB - USRP calibration value. The calibration procedure described in - USRP Calibration Procedure;
• Amplifier Gain, dB - In the cases of radiated testing, set the gain of the external RF power amplifier;
• Attenuator, dB - The total path of attenuation in the cables and\or attenuators;
• Antenna Gain, dB - In the cases of radiated testing, set the corresponding antenna gain;
• Sidelobe, dB - Sidelobe of the DUT's receiving antenna that takes into account signal's angle of arrival. Used for calculating simulator's signal power in the phase center of the DUT antenna;
• Max Generator EIRP, dBm - Maximum availability of the generator's Effective Isotropic Radiated Power with a particular amplifier, antenna, and cables;
• Total Path Gain, dB - Calculated taking into account the antenna gain, power amplifier, as well as attenuation in cables and sidelobe of the receiver antenna;
• Max distance to target - Maximum available distance to the DUT.

In the “DUT” tab, you can set the distance and direction to the sample when carrying out field testing:

The user can determine the distance to the sample using the following two methods:

• Calculating the distance to the DUT on the ground and the height of the DUT;
• Calculating the distance required for getting on the ground and in the line of sight.

In the “Start” tab, you can start the generation and also distort the signal.

Here you can shift the 1PPS or timestamp of the DUT in different ways.

• Current 1PPS offset, s - Adds an offset to the generated sequence in such a way as to shift the 1PPS signal of the DUT.
• Current GPS Time of week offset, s - Dramatically changes the ToW in HOW in all subframes. The position of all satellites is recalculated based on the new time. Thus, the receiver is temporarily lost tracking the satellites. Make sure that the power level of the generated signal is sufficient to block the real signals.
• Sats clock corr offset, s - Sinhronius simulates clock drift on all satellites. Leads to a smooth drift of 1PPS impulse of the DUT

Here you can move the coordinates of the DUT for a certain number of meters for a certain time

This is the experimental tab. Where can you add an fixed offset and noise to the coordinates of the DUT and the noise to Doppler offset. You can set the mean value and the standard deviation of the noise.

On this tab you can set the relative power, pseudorange offset and Doppler offset for each satellite.

Below is a typical DUT testing diagram for valuentabilities to spoofing and jamming:

We recommend using a directional coupler to suspend the signal from the simulator to the real signal. Oscilloscope is used for measurement of 1PPS impulse offset.

Wait for the UBLOX M8T status to become 3D Fix. Download almanac and ephemeris files. On USRP folder set:

• 10 MHz Ref to GPSDO
• check Conducted Connection
• Set Attenuator value based on cables, attenuators and directional coupler.

On Start folder setup

• DUT input power. Usualy it is within -100 dBm
• Push Start button

Below is a typical scheme of using our equipment for field testing of devices for exposure to GPS spoofing:


In case of radiated testing you cann't use internal USRP GPSDO like 10 MHz reference source, because it will be spoofed. You have to use external high quality reference source. Frequency stability should be better than 25 ppb.

Wait for the UBLOX M8T status to become 3D Fix. Download almanac and ephemeris files. On USRP folder set:

• 10 MHz Ref to External
• uncheck Conducted Connection
• Set Amplifier Gain, Attenuator, Anteanna Gain according to your connected equipment.

On DUT folder setup:

• direction to the DUT
• and known distances

On Start folder setup

• DUT input power. Usualy it is within -100 dBm
• Push Start button

In the case of an asynchronous attack, a spoofer transmits false signals that are stronger than the original ones, causing the receiver to lose track of the satellites and lock on to the overpowering spoofing signal(s). On the other hand, synchronous attacks imply transmitting signals that are synchronized with the original ones and then gradually overpowering the latter.
In more detail, the differences are synchronous and asynchronous attack you can read in our article.
In synchronous mode, our simulator generates a signal that is aligned with real up to 100 ns.
The selection of the spoofing mode can be made in the USRP tab:


If you selected the synchronous mode, then you can set an additional offset for the start of generation. This is convenient for examining the DUT correlation analysis window.

To work in synchronous mode, you must wait for the flag: “GPS Locked”:


In synchronous mode, the generation does not start immediately, but only at a certain time: