4G GPS Tracker Reverse Engineering - GPS Digital Signal Decoding

Hello Matt are you intersted in sponsorship?

You’ve got to be one of the most underrated hardware hacking channels. Couple of questions. 1. What got you into hardware hacking 2. What’s the best way to learn?

Now you only need to transfer the NMEA data to the 4G chip and make it send out to your phone, so that the whole tracker would work as advertised and not only by cell tower positions... Great series so far, thx a lot for showing! 👍👍👍

It's amazing, I would have killed for the functionality of a modern $10 Logic Analyzer 20 years ago.

The term commonly used to when talking about the different positioning systems—GPS, Galileo, GLONASS, Beidu, NAVIC, QZSS—is "constellations". As a general term, the industry calls satellite navigation GNSS (Global Navigation Satellite Systems). Technically, "GPS" is only the US Global Position System. You'd say "this GNSS module supports a number of constellations". I find "GNSS" to be a mouthful, and continue to use "GPS" in informal settings. "Neema" for NEMA is correct. I'm enjoying this series. I've spent a lot of time reverse engineering the internals of some older Trimble receivers, so it's interesting to see others digging in GPS tech as well.

16:07 lol i love this round about way to get the NMEA messages into your script! when i've messed with these little off the shelf GPS modules, i simply make up a d sub mini cable that i pin for the RS-422 to usb dongle i have (why doesn't 422 have standard pins...) and then i just plug my dongle into my lab PC and then i solder or clip the dsub mini cable to the module and connect them. this lets me use putty to connect directly to the serial traffic. sometimes i will use an arduino to read the serial data too. the 422 dongles can be really expensive, so i've also done it with the classic startech 232 dongle. people don't now how insanely useful startech is lol. when you are using a UART to USB dongle with windows you also open up the massive amounts of code that work with com ports so you can do anything you want very easily using either putty or any software library (i usually go with .NET because i'm lazy).

fyi for anyone wondering about the "GN" Id, that means GNSS which the term for all satellite positioning systems. it gets confusing, but GPS often means the american system (also called navstar by old people). GLONASS is the russian one. when people say "GPS" they often mean "GNS" or just any generic position system. That said, the GNS message should always have GN as its ID because only GNSS receivers should be sending that message. different receivers will support different features and may or may not send different NMEA messages. GNS is pretty common though i think for modern all in one modules that include a little antenna and the receiver on one tiny board. as for the ! for a message start, i've never run into that before. it seems to be specific to AIS and it shows up in some NMEA documentation but not others. most of the documentation i have says the ONLY valid message start is $ with the ONLY valid message end being CRLF. your code should just ignore messages that have invalid characters though. also if anyone wants to start playing with NMEA messages in software, i highly recommend paying close attention to the "valid" field of any message because some receivers will send seemingly valid data that is actually invalid because tracking has been lost (they may repeat the last known position with and invalid flag set). And then you always, always want to check the checksum field. you can get an error in a message that will change a single character but still be a valid message, and if you don't catch it by using the checksum then you are screwed lol.

GN: Combined GNSS position, for example, GPS and GLONASS.

9600/115200 8N1 are *the* standard today... I haven't seen other parity than none for ages.

Love the new audio quality. Huge upgrade!

i'm learning a lot of linux stuff thanks to your channel, it's such a pleasure being able to understand what is a proffesional doing while giving all the explanations. greetings from buenos aires from a russian

5:15 i worked with this type of GPS stuff for a while, and i heard both "NEE-mah" and "EN-EM-EE-AY". i usually said the letters out (EN EM EE AY) because there is a completely different system called NEMA that covers things like power cord plug shapes. Its pretty standard to see NMEA over either RS-232 or 422 with 1 Hz messages at 9600 baud with no parity bit. i never needed a parity bit because any broken message would result in a bad character in the NMEA message and my code would handle that as a bad NMEA message altogether and it would put the software into a "bad message" state which just threw the message out and waited for the start of the next message. you can't really use NMEA 1Hz message for nav stuff, but it can still be really useful for a lot of other things. you can make a clock on steroids that uses navstar's messages to find the date and time. i think its actually easier than using the radio clock stuff lol. a lot of off the shelf GPS modules include a 1 ppm signal too which can extremely useful for writing lazy power efficient code

Camera video quality and lighting so much better in this one! Also your eye line to the camera is almost perfect. I know how awkward it feels to stare directly into a lens... 😬

uhhh... i have never seen the automation with sigrok cli. That is a nice touch!

Love your content Matt. Keep up the good work!

You are using GPS, from you analyzer I can tell you are on planet earth.

Great content, great explanation, so fascinating. Thank you very much.

GN means it's combining multiple sources, i read that on the german wikipedia entry for NMEA, which for some reason is much more comprehensive than the english version

hell yeah! i been waiting on this one!

It's worth mentioning that serial interfaces are nearly always 9600,8,N,1 (9600 bits per second, 8 data bits, no parity bit, & 1 stop bit) by default, so if you know nothing at all about the device, try that first, & the odds are very good that it'll work. The next most common setting is the same, but 115200 bits per second.