PROBE INDUSTRIES MAGAZINE PHILES
ISSUE NUMBA 11
RELEASED: 9/96

P.I.M.P. Members:
-------------------

fringe       -chicago PIMP        stickman -chicago PIMP
subhuman     -chicago PIMP        qball    -chicago PIMP
jello biafra -chicago PIMP        taz      -chicago PIMP
mastermind   -microcosm PIMP      luthor   -strange days PIMP

if yer one of the pimps, and i fergot to mention ya, lemme know
on one of the boards listed below..

(Written 9/9/96 - 9/22/96)

Understanding Code Division Multiple Access Technology (CDMA)

This article does not tell you how to clone cdma fones, how to haxxor
into cdma cellsites,.. nothing in this tech manual should be thought
of as proprietary information, but moreso as information that is next
to impossible to find.. these are the basix on how cdma technology is
used. the information that people want for understanding, not just so
you can make 'leet calls. Most people will throw this aside and say
what the fuck is all that garbage.. but many people have told me
constantly that i should release some inpho, so here it is.. the only
info i could find that isn't considered proprietary.. and it's the
best overall view on CDMA technology. Any and all other questions we
might be able to answer CDMA related should be directed to fringe @
any of the bbses listed below.
A small glossary was added to the bottom of this phile to help those
trying to understand that aren't all familiar with the terms used.

This is divided into the following Chapters:

  1. CDMA and the Telecommunications Industry.
  2. How CDMA Signalling works.
  3. CDMA and diversity.
  4. CDMA compared to Analog FM.
  5. CDMA Variable Rate Speech Encoder.
  6. Ten mins in the life of a CDMA Mobile Station.
  7. CDMA Power Control.
  8. Glossary of terms used.

+++++
+   +
+ 1 + CDMA and the Telecommunications Industry.
+   +
+++++

Presently, the tcom industry is facing problems.. they have an ever
increasing number of users sharing the same limited freq bands. To
expand the user base, the industry must find methods to increase
capacity without degrading the quality of service.

The current analog cellular system uses a complex system of
channelization with 30 kHz channels, commonly called FDMA (Frequency
Division Multiple Access). To maximize capacity, FDMA cellular uses
directive antennas (cell sectoring in the hexagonal shape) and complex
frequency reuse planning.

To further increase system capacity, a digital access method is being
implemented called TDMA (Time Division Multiple Access). This system
uses the same frequency channelization and reuse as FDMA analog and
adds a time sharing element. Each channel is shared in time by three
users to effectively triple system capacity.

CDMA stands for Code Division Multiple Access and uses correlative
codes to distinguish one user from another. Frequency divisions are
still used, but in a much larger bandwidth (1.25 MHz). In CDMA, a
single user's channel consists of a specific frequency combined with a
unique code. CDMA also uses sectored cells to increase capacity.
One of the major difs in access is that any CDMA freq can be used in
all sectors of all cells. The correlative codes allow each user to
operate in the presence of substantial interference. This can be
compared to a large bunch of people talkin.. differences between
voices and the like can be sorted by your brain, but eventually they
all become less distinctive as more voices are added.. the talk zone
is growing smaller. CDMA is similar, but the recognition is based on
the kode.

The interference is the sum of all other users on the same CDMA freq,
both from within and without the home cell and from delayed versions
of these signals. It also includes thermal noise and atmospheric
disturbances. Delayed signals caused by multipath are separately
received and combined in CDMA. This will be discussed moreso later on.

One of the major capacity gains with CDMA is due to its freq reuse
patterns. The normal reuse pattern for analog and TDMA systems employs
only 1/7 of the available freqs in any given cell and it essentially
can be called frequency non-reuse.. but with CDMA, the same freqs are
used in all cells. When using sectored cells, the same freqs can be
used in all sectors of all cells. This is only possible because CDMA
technology is designed to decode the proper signal in the presence of
high interference.

+++++
+   +
+ 2 + How CDMA signalling works.
+   +
+++++

CDMA starts with a narrowband signal with a full data rate of 9600
bps. This is spread with the use of specialized codes to a bandwidth
of 1.23 MHz. When transmitted, a CDMA signal experiences high levels
of interference, dominated by the coded signals of other CDMA users.
This takes two forms, interference from other users in the same cell
and interference from adjacent cells. The total interference also
includes background noise and other spurious signals. When the signal
is received, the correlator recovers the desired signal and rejects
the interference.
This is possible because the interference sources are uncorrelated to
the desired signal.

+++++
+   +
+ 3 + CDMA and Diversity.
+   +
+++++

An important aspect of CDMA is diversity. CDMA uses three types of
diversity:

  - spatial diversity
  - frequency diversity
  - time diversity

Spatial Diversity:

takes two forms:

  - two antennas: the base station uses two receive antennas for
    greater immunity to fading. this is a classic version of spatial
    diversity.

  - multiple base stations simultaneously talk to the mobile during
    soft handoff.

During soft handoff, contact is made with two base stations
simultaneously. The signals from the base to mobile are treated as
multipath signals and are coherently combined at the mobile unit. at
the base stations, the signals are transmitted via the network to the
Mobile Telephone Switching Office (MTSO), where a quality decision is
made on a frame-by-frame basis, every 20 ms.

------------------------------------------------------------------

                  Vocoder / Selector
                      [ MTSO ]  <-- land link -->
                       /    \
                      /      \
                     /        \
      Base Station one        Base Station two
                     \        /
                      \      /
                       \    /
          [ Subscriber / Mobile Phone user ]

Figure One - Spatial Diversity during soft handoff.
------------------------------------------------------------------

Frequency Diversity:

Frequency diversity is inherent in spread spectrum systems. A fade of
the signal is less likely than with narrow band systems. Fading is
caused by multipath and is a function of the time delays in the
alternate paths. In the freq domain, a fade appears as a notch filter
that moves across a band. As the user moves, the freq of the notch
changes. The width of the notch is on the order of one over the
difference in arrival time of two signals. For a 1 microsecond delay,
the notch will be approximately 1 MHz wide. The TIA CDMA system uses a
1.25 MHz bandwidth, so only those multipaths of time less than 1
microsecond actually cause the signal to experience a deep fade.
In many environments, the multipath signals will arrive at the
receiver after a much longer delay. This means that only a narrow
portion of the signal is lost. Say there is a fade of 200 to 300 kHz..
this will result in a power loss with a CDMA signal, but could result
in a complete loss of an analog or TDMA signal.

Time Diversity:

Time diversity is a technique common to most digital transmission
systems. Signals are spread in time by use of interleaving. Forward
error correction is applied, along with maximal likelihood detection.
The particular scheme used for CDMA is convolutional encoding in the
transmitter with Viterbi decoding using soft decision points in the
receiver.

rake receiver:

CDMA takes advantage of the multipath by using multiple receivers and
assigning them to the strongest signals. The mobile receiver uses
three receiving elements, and the base station uses four. This
multiple correlator system is called a rake receiver. In addition to
the separate correlators, searchers are also used to look for
alternate multipaths and for neighboring base station signals.

+++++
+   +
+ 4 + CDMA compared to analog FM.
+   +
+++++

For most people familiar with FM communications systems, a paradigm
shift is needed to properly discuss CDMA. Here are some differences
between CDMA and analog FM:

  - Multiple users are on one frequency simultaneously
  - A channel is defined by the correlative code in addition to the
    freq
  - The capacity limit is soft. Capacity can be increased with some
    degradation of the error rate or voice quality.

+++++
+   +
+ 5 + CDMA Variable Rate Speech Encoder.
+   +
+++++

CDMA takes advantage of quiet times during speech to raise capacity.
A variable rate vocoder is used; the channel is at 9600 bps when the
user is talking. When the user pauses, or is listening, the data rate
drops to only 1200 bps. 2400 and 4800 bps are also used, though not as
often as the other two.
The data rate is based on speech activity and a decision as to the
appropriate rate is made every 20 ms. Normal telephone speech has
approximately a 40% activity factor. The mobile station lowers its
data rate by turning off its transmitter when the vocoder is operating
at less than 9600 bps. At 1200 bps, the duty cycle is only 1/8 that of
the full data rate. The choice of time for this duty cycling is
stochastic, so the power is lowered at all times when averaged over
many users. Lowering the transmit power at the mobile reduces the
level of interference for all other users.

The base station uses a slightly different scheme. It repeats the same
bit patterns as many times as needed to get back to the full rate of
9600 bps. The transmit power for that channel is adjusted to reflect
this repetition which allows the interference to be minimized.
Repeating the bits at lower power is more effective on the forward
link than it could be on the reverse link due to use of a coherent
phase reference called the pilot signal. (more on power later)

Walsh codes:

An important feature of the forward link is the use of Walsh codes.
These have the characteristic of being orthogonal to each other and to
the logikal NOT of each other. Two codes are defined to be orthogonal
if they have an exact zero cross product when summed over the full
period of codes. The TIA CDMA system uses a 64 by 64 Walsh matrix
(each Walsh code is 64 bits long).

CDMA Forward Link Physical Layer:

Voice data at 9600 bps (full rate) is first passed through a
convolutional encoder, which doubles the data rate. It is then
interleaved, a process that has no effect on the rate, but does
introduce time delays in the final reconstruction of the signal. A
long code is XOR'ed with the data, which is a voice privacy function
and not needed for channelization. CDMA then applies a 64 bit Walsh
code which is uniquely assigned to a base to mobile link to form one
channel.
This sets a physical limit of 64 channels on the forward link. If the
coded voice data is a zero, the Walsh sequence is output; if the data
is a one, the logikal not of the Walsh code is sent. The Walsh coding
yields a data rate increase of 64 times. The data is then split into I
and Q channels, and spread with short codes. The final signals are
passed through a low pass filter, and eventually sent to an I/Q
modulator.

Long Code Generation:

The Long Code is generated using a 42-bit linear feedback shift
register. This is the master clock and is synchronized in all CDMA
radios. A specific mask is applied to generate a unique long code.

Forward Link Channel Format:

The Base Station transmitter signal is the composite of many channels
(with a minimum of four). These four channels are the Pilot channel,
the Sync channel, the Paging channel, and the Traffic channel.

  - Pilot Channel

    The Pilot channel is unmodulated; it consists of only the final
    spreading sequence (short sequences). The Pilot Channel is used by
    all mobiles linked to a cell as a coherent phase reference. The
    other three channels, the Sync channel, the Paging channel, and
    the Traffic Channel, use the same data flow, but different data
    are sent on these channels.

  - Sync Channel

    The Sync channel transmits time of day information. This allows
    the mobile and the base to align clocks which form the basis of
    the codes that are needed by both to make a link.

  - Paging Channel

    The Paging channel is the digital control channel for the forward
    link. Its complement is the access channel which is the reverse
    link control channel. One base station can have multiple paging
    channels and access channels if needed.

  - Traffic Channel

    The Traffic channel is equivalent to the analog voice channel.
    This is where the actual conversations take place.

CDMA Reverse Link Physical Layer:

The CDMA reverse link uses a different coding scheme to transmit data.
Unlike the forward link, the reverse link cannot support a pilot
channel for synchronous demodulation (since each mobile station would
need its own pilot channel). Due to this limitation, the reverse link
has less capacity than the forward link. To aid reverse link
performance, the 9600 bps voice data uses a one-third rate
convolutional code for more powerful error correction. Then six data
bits at a time are taken to point at one of the 64 available Walsh
codes. The data, which is at 307.2 kbps, is then XOR'ed with the long
code to reach the full 1.2288 Mbps data rate. This unique long code is
the channelization for the reverse link. The modulation is Filtered
QPSK in the base station, and Filtered Offset QPSK in the mobile
station.

  - CDMA Modulation Formats

    In normal operation, many channels are summed together and
    transmitted on top of each other by the base station. O-QPSK is
    used in the mobile stations because it avoids the origin and makes
    the design of the output amplifier easier. For the base station,
    since many channels are summed together, using O-QPSK would not
    always avoid the origin. This is due to the random nature of
    adding many signals together.

  - CDMA Multiplex Sublayer

    Signalling is well structured in CDMA. The full data rate of 9600
    bps can be shared between data for the user and signaling data.
    The channel is effectively a modem that can be used for a variety
    of services. Current standards exist for service option 1, the
    vocoder. Service options 2 and 3 are under discussion at the
    standards committee. These proposed options are for a test mode of
    data loopback, and data services.
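The Walsh code channelization described above under "Walsh codes" and "CDMA Forward Link Physical Layer", as an added example that is not part of the original phile: it builds the 64 by 64 Walsh matrix, spreads three channels onto one carrier (zero sends the code, one sends its logikal NOT) and recovers each with a correlator. Walsh 32 for the sync channel is taken from the text; Walsh 8 and 17, the payload bits, the noise level and the function names are constructed for the illustration.

```python
import random


def walsh_matrix(n=64):
    """n x n Walsh matrix as rows of 0/1 bits, built by repeated doubling:
    every row r of the smaller matrix yields r+r and r+NOT(r)."""
    rows = [[0]]
    while len(rows) < n:
        rows = [r + r for r in rows] + [r + [b ^ 1 for b in r] for r in rows]
    return rows


def cross_product(a, b):
    """Sum of chip products over the full code period (0 -> +1, 1 -> -1)."""
    return sum((1 - 2 * x) * (1 - 2 * y) for x, y in zip(a, b))


def spread(bits, code):
    """Data 0 sends the Walsh code, data 1 sends its NOT; output is +/-1 chips."""
    return [1 - 2 * (bit ^ chip) for bit in bits for chip in code]


def correlate(composite, code):
    """Multiply each 64-chip block by the wanted code and sum the products."""
    ref = [1 - 2 * chip for chip in code]
    n = len(ref)
    return [sum(r * s for r, s in zip(ref, composite[i:i + n]))
            for i in range(0, len(composite), n)]


def despread(composite, code):
    """Correlator decision: positive sum means a 0 was sent, negative a 1."""
    return [0 if corr > 0 else 1 for corr in correlate(composite, code)]


def forward_link_demo(noise_sigma=1.0, seed=1996):
    """Three channels summed on one carrier, each recovered by its own code."""
    w = walsh_matrix(64)
    # Constructed sample data. Only "sync is on Walsh 32" comes from the text.
    channels = {
        32: [0, 1, 1, 0, 1, 0, 0, 1],   # sync channel
        8:  [1, 1, 0, 0, 1, 0, 1, 0],   # traffic channel, user A
        17: [0, 0, 0, 1, 1, 1, 0, 1],   # traffic channel, user B
    }
    streams = [spread(bits, w[idx]) for idx, bits in channels.items()]
    rng = random.Random(seed)
    # Composite signal: chip-by-chip sum of all channels plus Gaussian noise
    # whose RMS level equals the chip amplitude of a single channel.
    composite = [sum(chips) + rng.gauss(0.0, noise_sigma)
                 for chips in zip(*streams)]
    recovered = {idx: despread(composite, w[idx]) for idx in channels}
    unused = correlate(composite, w[5])   # a code nobody is transmitting on
    return channels, recovered, unused


if __name__ == "__main__":
    sent, got, unused = forward_link_demo()
    for idx in sent:
        print("Walsh %2d sent %s recovered %s" % (idx, sent[idx], got[idx]))
    print("correlation on unused Walsh 5:", [round(c, 1) for c in unused])
```

Each wanted bit comes out of the correlator at +64 or -64 while the other channels contribute exactly zero, so only the noise term is left to compete with it.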
------------------------------------------------------------------
 _____________________     ________________
 |  Service Options  |     |  Signalling  |
 |___________________|_____|______________|
 |           Multiplex Sublayer           |
 |________________________________________|
 |        Channel Data - 9600 bps         |
 |________________________________________|

Figure Two - CDMA Multiplex Sublayer
------------------------------------------------------------------

+++++
+   +
+ 6 + Ten mins in the life of a CDMA Mobile Station.
+   +
+++++

It all starts with the turn-on of the radio and system access. It
assumes the car is being driven and that the radio performs an idle
state handoff. It covers call initiation, soft handoff and call
termination.

  - Turn On System Access:

    When the mobile first turns on, it must find the best base
    station. This is similar to analog where the phone scans all the
    control channels and selects the best one. In CDMA, the mobile
    unit scans for available Pilot Signals, which are all on different
    time offsets. This process is made easier because of the fixed
    offsets. The timing of any base station is always an exact
    multiple of 64 system clock cycles (called chips) offset from any
    other base station. The mobile selects the strongest pilot tone
    and establishes a frequency and time reference off the signal. The
    mobile then demodulates the sync channel which is always on Walsh
    32. This channel provides master clock information by sending the
    state of the 42 bit long code shift register 320 milliseconds in
    the future. The sync channel also contains many other system
    parameters. The mobile then starts listening to the paging
    channel, and waits for a Page that is directed to its phone
    number. The mobile will often register with the base station so
    that the base station can do location-based paging rather than
    system wide paging.

  - CDMA Idle State Handoff

    The mobile has searchers scanning for alternative pilot tones at
    all times.
    If a pilot tone is found from another base station that is strong
    enough for a link, the mobile will request a soft handoff. In this
    case, no call is in process, so it is an idle state handoff. This
    is an active process that updates the location of the mobile to
    the system.

  - CDMA Call Initiation

    The user then decides to make a call. The number is keyed in and
    the send key is hit. This initiates an Access Probe. The mobile
    uses the access channel and attempts to make contact with the
    serving base station. As no link is yet established, closed-loop
    power control is not active. The mobile uses open-loop control to
    guess an initial level. Multiple tries are allowed with random
    times between the tries to avoid collisions that can occur on the
    access channel. After each attempt the mobile listens to the
    paging channel for a response from the base station. The base
    station responds with an assignment to a traffic channel. This is
    a Walsh code for the forward link. The traffic channel uses
    different long codes than the paging channel. The base station
    initiates the land link, and a conversation can take place. When a
    call is initially processed, your ESN / MIN pair is transferred
    through the EMX (Electronic Mobile eXchange), thus along with that
    transfer, your ani is passed on to whatever line you call; most
    cell sites do not support Caller ID though.

  - CDMA Soft Handoff

    During the call, the mobile finds yet another base station with
    good power. The mobile makes a request from its serving cell to
    initiate soft handoff with the additional cell. The base station
    passes this request to the MTSO (Mobile Telephone Switching
    Office) which contacts the second base station and gets a Walsh
    assignment. This is sent to the mobile by the first base station.
    The land link is connected to both base stations. The mobile
    combines the signals from both base stations by using the two
    Pilot signals as coherent phase references.
    At the MTSO, the signals are examined from each base station and
    the better one is chosen for each 20 milliseconds block. As the
    signal from the first base station degrades, the mobile will ask
    that the soft handoff be terminated. At this point the mobile is
    being power controlled by the second base station (since the first
    cell probably has a very poor link). The request is passed from
    the second cell through the MTSO, and the first cell stops
    transmission and reception of the signal. The mobile is now only
    on the second cell.

  - CDMA End of Call

    Finally, the call ends. This can be initiated either from the
    mobile or land side. In either case, transmissions are stopped and
    the land line connection is broken. Word has it, with the normal
    analog cell sites used now,.. the EMX (Electronic Mobile eXchange)
    will drop your call into default so that you won't be billed if
    for any reason power cuts off to a phone call without you hitting
    the end key.. so if you took off the battery during transmission,
    you basikally shouldn't get billed, because certain termination
    tones aren't sent to properly end the call.. i haven't tested this
    theory myself, but let's just say i got this from an expert in the
    field.. and although i promised i wouldn't discuss how to make
    free fone calls,.. i had to throw that in there.

+++++
+   +
+ 7 + CDMA Power Control.
+   +
+++++

One of the fundamental enabling technologies of CDMA is power control.
The power of all mobile units is controlled so that they arrive at the
base station with equal power levels. In this way, the interference
from one unit to another is held to a minimum.

Reverse Link Power Control:

Two forms of power control are used for the reverse link:

  - open loop power control
  - closed loop power control

  - Open loop power control

    Open loop power control is based on the similarity of the loss in
    the forward path to the loss in the reverse path (forward refers
    to the base-to-mobile link, while reverse refers to the
    mobile-to-base link).
    Open loop control sets the sum of transmit power and receive power
    to a constant, nominally -73, if both powers are in dBm. A
    reduction in signal level at the receive antenna will result in an
    increase in signal power from the transmitter. For example, assume
    that the received power of the composite signal from the base
    station is -85 dBm. The open loop transmit power setting would be
    +12 dBm.

  - Closed loop power control

    Closed loop power control is used to allow the power from the
    mobile unit to deviate from the nominal as set by open loop
    control. This is done with a form of delta modulator. The base
    station monitors the power received from each mobile station and
    commands the mobile to either raise power or lower power by a
    fixed step of 1 dB. This process is repeated 800 times per second,
    or every 1.25 milliseconds.

Because the power of the mobile is controlled to be no more than is
needed to maintain the link at the base station, much less power is
typikally transmitted from the mobiles than is the case with analog.
The analog radio needs to transmit enough power to maintain a link
even in the presence of a fade. Most of the time it is transmitting
with excess power. The CDMA radio is controlled in real time and is
kept at low power. This has the benefit of longer battery life and
smaller, lower cost amplifier design. If recent health concerns over
cellular phone radiations are founded, CDMA will be preferred.

+++++
+   +
+ 8 + Cellular term glossary for this phile.
+   +
+++++

Bandwidth - can be thought of as the MAX Peak-to-Peak of a waveform.
            ^the range of hertz a signal can hold.
CDMA      - Code Division Multiple Access
ESN       - Electronic Serial Number
FDMA      - Frequency Division Multiple Access
freq      - I used this a lot, short for frequency (duh!)
Handoff   - the process of a call changing from one hex (cellsite)
            to another hex (cellsite).
MIN       - Mobile Identification Number
TDMA      - Time Division Multiple Access
Vocoder   - Voice Coder, used to encrypt the call.
            All conversation and transmission are encrypted with CDMA
            technology.

the rest that you may have questions on.. mail me or ask someone.. i
just typed this whole file.. and although i type fast.. this fuckin
killed me.. i may type a phile later on cell switches.. which may be
more interesting..

[ END CDMA TECH 1 ]

PROBE INDUSTRIES MAGAZINE PHILES 1996

the following boards listed hold true to the scene and if you are deep
into h/p and the likes, i suggest you give them a call. if your board
is on here, and you don't want it to be, let me know. if your board
isn't on here, but you think it should be.. let me know. i might
produce more CDMA philes,.. it all depends

-fringe

greets (just like in the ol commodore daze) go out to the following
npa's, since posting hundreds of handles is outta the question:

207 (keep maine alive luthor!), 303 (i like the switch Haven),
312 (remember when we were ALL 312?!), 410 (where'd ad2 go?!),
416 (hidin' away), 514 (you guys have been diehards for years),
516 (peoples definitely in the know), 619 (cellular is fun, no? :) ),
630 (my gnu npa,.. joy), 704 (yer scene's crashed hard w/o linoleum),
708 (what used to be my npa), 847 (iz all good),
904 (keep goin microcosm), +31 +44 +49 +62 (i'll be back overseas
soon, hopefully.. there is no stronger scene.. than overseas..)

Apocalypse 2000 - H/P/Punk/Ska/Rave/home of the PIMPS!
    +1-847-676-9855 - *NO* ratio for LD callers. 1 gig online.
Poison Pen - H/P, *NO* ratio.
    +1-847-251-3868
Moo 'n' Oink - H/P
    +1-847-256-5928
Microcosm - H/P
    +1-904-484-5548
Underworld 96
    +1-514-683-1894
Aneurysm - H/P - NUP: Discipline
    +1-514-458-9851
Last Territory - H/P
    +1-514-565-9754
Linoleum - H/P
    +1-704-gone, but will be remembered well..
Hacker's Haven - H/P
    +1-303-343-4053
Digital Disturbance - H/P
    +1-516-681-7437
Hacker's Hideaway - H/P
    +1-416-534-0417
TOTSE - H/P and crazy other amounts of info
    +1-510-935-5845
The Switchboard (priorly known as the coffee shop) - H/P
    +011-31-703-584-868
Arrested Development - H/P
    +011-31-773-547-477

**********************************************************
*                                                        *
*          Probe Industries Magazine Philes 11           *
*                                                        *
*    "Because I study P-I-M-P-ology, but logikally.."    *
*                                                        *
*                 ` po pimp - do or die                  *
*                                                        *
**********************************************************
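Added example for chapter 7 (CDMA Power Control), not part of the original phile: a small simulation of the open loop setting (transmit plus receive power equals -73) followed by the closed loop's 1 dB commands every 1.25 ms. The reverse path loss, the 20 dB fade (assumed to hit only the reverse link, so open loop cannot see it), the base station's target level and all function names are constructed for the illustration.

```python
OPEN_LOOP_SUM_DBM = -73.0   # from the text: tx power + rx power, both in dBm
STEP_DB = 1.0               # from the text: fixed closed loop step
SLOT_MS = 1.25              # from the text: 800 commands per second


def open_loop_tx_dbm(rx_dbm):
    """Initial transmit level guessed from the received composite power."""
    return OPEN_LOOP_SUM_DBM - rx_dbm


def closed_loop(tx_start_dbm, reverse_loss_db, target_dbm):
    """Delta modulator: once per slot the base station compares what it
    receives from the mobile with its target and sends one up/down command.
    Returns one (mobile tx dBm, power at base dBm) pair per slot."""
    tx = tx_start_dbm
    trace = []
    for loss in reverse_loss_db:
        rx_at_base = tx - loss
        trace.append((tx, rx_at_base))
        # The command takes effect in the next 1.25 ms slot.
        tx += STEP_DB if rx_at_base < target_dbm else -STEP_DB
    return trace


def recovery_ms(trace, start_slot, target_dbm):
    """Time after start_slot until the base again receives the mobile
    within one step of the target level."""
    for n, (_tx, rx) in enumerate(trace[start_slot:]):
        if abs(rx - target_dbm) <= STEP_DB:
            return n * SLOT_MS
    return None


def fade_demo():
    # The text's own open loop example: -85 dBm received gives +12 dBm.
    tx0 = open_loop_tx_dbm(-85.0)
    # Constructed scenario: 110 dB reverse path loss, a 20 dB deeper fade
    # lasting 40 slots (50 ms), then back to 110 dB.
    loss = [110.0] * 16 + [130.0] * 40 + [110.0] * 40
    target = -100.0                      # assumed level wanted at the base
    trace = closed_loop(tx0, loss, target)
    into_fade = recovery_ms(trace, 16, target)
    out_of_fade = recovery_ms(trace, 56, target)
    return tx0, trace, into_fade, out_of_fade


if __name__ == "__main__":
    tx0, trace, into_fade, out_of_fade = fade_demo()
    print("open loop start: %+.0f dBm" % tx0)
    print("peak mobile power during fade: %+.0f dBm" % max(t for t, _ in trace))
    print("loop catches up with the fade after %.2f ms" % into_fade)
    print("loop backs off after the fade in %.2f ms" % out_of_fade)
```

With 1 dB per command the loop can move at most 800 dB per second, so a 20 dB change costs about 24 ms in either direction, and between changes the mobile dithers one step around the level the base asks for.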