I am trying to understand, how does scrambling and whitening work in my system.

From what I understand it's also called whitening and used for clock recovery.

Any good books or articles on this subject?

Can someone tell me how can we find out which scrambling algorithm is being used in a system by some reverse engineering?

regards
ashu
scrambling/whitening
Started by ●August 13, 2008
Reply by ●August 13, 2008
On Aug 13, 9:54 am, ashu <ashutosh.ghildi...@gmail.com> wrote:
> I am trying to understand, how does scrambling and whitening work in
> my system.
>
> From what I understand it's also called whitening and used for clock
> recovery.
>
> Any good books or articles on this subject?
>
> Can someone tell me how can we find out which scrambling algorithm is
> being used in a system by some reverse engineering?
>
> regards
> ashu

What is "your system"?

Dirk
Reply by ●August 13, 2008
It's a wireless transceiver where data is scrambled, after the Reed-Solomon and CRC.

I just want to know how can we determine the scrambling algorithm of a given system.

Any literature or tutorial on this subject is also welcome :)

thanks

On Aug 13, 4:41 pm, dbell <bellda2...@cox.net> wrote:
> On Aug 13, 9:54 am, ashu <ashutosh.ghildi...@gmail.com> wrote:
>
> > I am trying to understand, how does scrambling and whitening work in
> > my system.
>
> > From what I understand it's also called whitening and used for clock
> > recovery.
>
> > Any good books or articles on this subject?
>
> > Can someone tell me how can we find out which scrambling algorithm is
> > being used in a system by some reverse engineering?
>
> > regards
> > ashu
>
> What is "your system"?
>
> Dirk
Reply by ●August 13, 2008
My suggestion would be to first identify the system and then search the documentation for that system. If it's a standardized system (e.g., WiFi, BlueTooth, Intelsat, DVB, whatever), then the scrambler will be defined in the standard documents. If it's a generic silicon solution the scrambler should be defined in the product documentation.

On Wed, 13 Aug 2008 08:40:39 -0700 (PDT), ashu <ashutosh.ghildiyal@gmail.com> wrote:
>It's a wireless transceiver where data is scrambled, after the Reed-Solomon
>and CRC.
>
>I just want to know how can we determine the scrambling algorithm of a
>given system.
>
>Any literature or tutorial on this subject is also welcome :)
>
>thanks
>
>On Aug 13, 4:41 pm, dbell <bellda2...@cox.net> wrote:
>> On Aug 13, 9:54 am, ashu <ashutosh.ghildi...@gmail.com> wrote:
>>
>> > I am trying to understand, how does scrambling and whitening work in
>> > my system.
>>
>> > From what I understand it's also called whitening and used for clock
>> > recovery.
>>
>> > Any good books or articles on this subject?
>>
>> > Can someone tell me how can we find out which scrambling algorithm is
>> > being used in a system by some reverse engineering?
>>
>> > regards
>> > ashu
>>
>> What is "your system"?
>>
>> Dirk

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org
Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php
Reply by ●August 13, 2008
ashu wrote:
> I am trying to understand, how does scrambling
> and whitening work in my system.

It spreads out the spectrum. Take the Fourier transform before and after the scrambler, especially for the case of a very simple signal.

If the data stream has, for example, a long string of zeros the output might be a single sine wave with no transitions. Scrambling adds transitions which allow the clock recovery logic to sync to those transitions.

Whitening spreads out the spectrum and reduces the problems of interference.

-- glen
Reply by ●August 13, 2008
Eric Jacobsen wrote:
> My suggestion would be to first identify the system and then search
> the documentation for that system. If it's a standardized system
> (e.g., WiFi, BlueTooth, Intelsat, DVB, whatever), then the scrambler
> will be defined in the standard documents. If it's a generic silicon
> solution the scrambler should be defined in the product documentation.

And if it's a secure telephone, NSA might have some declassified papers.

Jerry
--
Engineering is the art of making what you want from things you can get.
Reply by ●August 14, 2008
My thanks to all of you.

Well my system is a medical transceiver, but they haven't given the specifications of how they implement scrambling.

All they say is, they use some pseudo noise method to implement scrambling at the transmission end, to ensure we recover clock at the receiving end.

I can bypass this scrambling block and see the normal packet (without scrambling) by setting some bits in configuration register of my chip.

Any thoughts on how to find out, what scrambling algorithm they use, using some reverse engineering? As I have mentioned earlier I can bypass scrambling and see the unscrambled output on logic analyzer.

regards
ashu

Can I do some reverse engineering to find out how

On Aug 14, 1:37 am, Jerry Avins <j...@ieee.org> wrote:
> Eric Jacobsen wrote:
> > My suggestion would be to first identify the system and then search
> > the documentation for that system. If it's a standardized system
> > (e.g., WiFi, BlueTooth, Intelsat, DVB, whatever), then the scrambler
> > will be defined in the standard documents. If it's a generic silicon
> > solution the scrambler should be defined in the product documentation.
>
> And if it's a secure telephone, NSA might have some declassified papers.
>
> Jerry
> --
> Engineering is the art of making what you want from things you can get.
Reply by ●August 14, 2008
On Thu, 14 Aug 2008 01:46:29 -0700 (PDT), ashu <ashutosh.ghildiyal@gmail.com> wrote:
>My thanks to all of you.
>
>Well my system is a medical transceiver, but they haven't given the
>specifications of how they implement scrambling.
>
>All they say is, they use some pseudo noise method to implement
>scrambling at the transmission end, to ensure we recover clock at the
>receiving end.
>
>I can bypass this scrambling block and see the normal packet (without
>scrambling) by setting some bits in configuration register of my chip.
>
>Any thoughts on how to find out, what scrambling algorithm they use,
>using some reverse engineering? As I have mentioned earlier I can
>bypass scrambling and see the unscrambled output on logic analyzer.
>
>regards
>ashu
>

Scramblers are typically LFSRs so it should be possible if you have copies of scrambled and unscrambled data. Can you control the contents of the data packets? i.e., can you put a known sequence through and get the scrambled and unscrambled versions?

Transmitting a low-weight packet, i.e., only a few, widely-spaced ones in a packet otherwise filled with zeroes might help find the length of the scrambler as a start.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org
Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php
Reply by ●August 14, 2008
On Thu, 14 Aug 2008 10:05:00 -0700, Eric Jacobsen <eric.jacobsen@ieee.org> wrote:
>On Thu, 14 Aug 2008 01:46:29 -0700 (PDT), ashu
><ashutosh.ghildiyal@gmail.com> wrote:
>
>>My thanks to all of you.
>>
>>Well my system is a medical transceiver, but they haven't given the
>>specifications of how they implement scrambling.
>>
>>All they say is, they use some pseudo noise method to implement
>>scrambling at the transmission end, to ensure we recover clock at the
>>receiving end.
>>
>>I can bypass this scrambling block and see the normal packet (without
>>scrambling) by setting some bits in configuration register of my chip.
>>
>>Any thoughts on how to find out, what scrambling algorithm they use,
>>using some reverse engineering? As I have mentioned earlier I can
>>bypass scrambling and see the unscrambled output on logic analyzer.
>>
>>regards
>>ashu
>>
>
>Scramblers are typically LFSRs so it should be possible if you have
>copies of scrambled and unscrambled data. Can you control the
>contents of the data packets? i.e., can you put a known sequence
>through and get the scrambled and unscrambled versions?
>
>Transmitting a low-weight packet, i.e., only a few, widely-spaced ones
>in a packet otherwise filled with zeroes might help find the length of
>the scrambler as a start.

Or, better yet, an all-zero sequence, which might reveal the LFSR polynomial completely.

Eric Jacobsen
Minister of Algorithms
Abineau Communications
http://www.ericjacobsen.org
Blog: http://www.dsprelated.com/blogs-1/hf/Eric_Jacobsen.php
Reply by ●August 16, 2008
Eric Jacobsen <eric.jacobsen@ieee.org> wrote in news:p749a49u3ngo7ft85bsq5cgpov1k1oheka@4ax.com:
> On Thu, 14 Aug 2008 10:05:00 -0700, Eric Jacobsen
> <eric.jacobsen@ieee.org> wrote:
>
>>On Thu, 14 Aug 2008 01:46:29 -0700 (PDT), ashu
>><ashutosh.ghildiyal@gmail.com> wrote:
>>
>>>My thanks to all of you.
>>>
>>>Well my system is a medical transceiver, but they haven't given the
>>>specifications of how they implement scrambling.
>>>
>>>All they say is, they use some pseudo noise method to implement
>>>scrambling at the transmission end, to ensure we recover clock at the
>>>receiving end.
>>>
>>>I can bypass this scrambling block and see the normal packet (without
>>>scrambling) by setting some bits in configuration register of my chip.
>>>
>>>Any thoughts on how to find out, what scrambling algorithm they use,
>>>using some reverse engineering? As I have mentioned earlier I can
>>>bypass scrambling and see the unscrambled output on logic analyzer.
>>>
>>>regards
>>>ashu
>>>
>>
>>Scramblers are typically LFSRs so it should be possible if you have
>>copies of scrambled and unscrambled data. Can you control the
>>contents of the data packets? i.e., can you put a known sequence
>>through and get the scrambled and unscrambled versions?
>>
>>Transmitting a low-weight packet, i.e., only a few, widely-spaced ones
>>in a packet otherwise filled with zeroes might help find the length of
>>the scrambler as a start.
>
> Or, better yet, an all-zero sequence, which might reveal the LFSR
> polynomial completely.

The Berlekamp-Massey algorithm can help here.

http://en.wikipedia.org/wiki/Berlekamp-Massey_algorithm

Regards,
Allan
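
The approach suggested across the replies above (XOR a scrambled capture against the bypassed capture of the same packet, or send an all-zero packet, then run Berlekamp-Massey), as an added example that is not part of any post in the thread. It assumes an additive (frame-synchronous) LFSR scrambler; the taps, seed and payload are constructed sample values and the function names are illustrative.

```python
def lfsr_stream(taps, state, n):
    """Additive-scrambler keystream: s[k] = XOR of s[k-t] for each delay t in taps."""
    s = list(state)                      # the first max(taps) bits are the seed
    while len(s) < n:
        s.append(sum(s[-t] for t in taps) & 1)
    return s[:n]

def berlekamp_massey(s):
    """Shortest LFSR over GF(2) generating s; returns (length, connection coeffs)."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n  # current / previous connection polynomial
    L, m = 0, -1
    for i in range(n):
        d = s[i]                         # discrepancy between prediction and s[i]
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def recover_scrambler(bypassed, scrambled):
    """XOR two captures of the same packet into a keystream and fit an LFSR to it."""
    ks = [p ^ q for p, q in zip(bypassed, scrambled)]
    L, c = berlekamp_massey(ks[:len(ks) // 2])       # fit on the first half only
    taps = [j for j in range(1, L + 1) if c[j]]
    # Held-out check: the fitted register must also predict the unseen second half,
    # otherwise the keystream is not a fixed LFSR sequence (or the capture is too short).
    ok = lfsr_stream(taps, ks[:L], len(ks)) == ks
    return L, taps, ok

# Constructed sample data (not taken from the device discussed in the thread).
SEED = [1, 0, 1, 1, 1, 0, 1]
KEYSTREAM = lfsr_stream((4, 7), SEED, 64)            # feedback delays 4 and 7
payload = [(i * 37 >> 3) & 1 for i in range(64)]     # stands in for the bypassed capture
scrambled = [p ^ k for p, k in zip(payload, KEYSTREAM)]

if __name__ == "__main__":
    print(recover_scrambler(payload, scrambled))     # known-data pair
    print(recover_scrambler([0] * 64, KEYSTREAM))    # all-zero packet
```

A self-synchronizing (multiplicative) scrambler feeds its output back into the register, so the XOR of the two captures then depends on the payload and will generally fail the held-out check.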






