I’m wondering if the spoofer can lock onto the authentic carrier frequency and phase to confuse the receiver’s PLLs and pull the receiver’s DLLs into spoofer alignment. If so, how would this be done? I’m thinking perhaps the multipath configuration, but I’m not entirely sure.
You can create a spoofer that will simulate exactly the same signal as the truth signal using the Advanced Spoofing option or multi-instances. With these options, the code phase and frequency will be aligned with the truth signal, but not the carrier phase, since we are using 2 different RF outputs for the truth and the spoofer.
You probably don’t need to align the carrier phase to confuse the receiver (the receiver will probably not notice a small phase jump), but if you do, yes, the multipaths are the only option. The multipath and the true signal are on the same RF output, so the carrier phases are perfectly coherent. You can play with the multipath parameters during the simulation (using the GUI or the API) to progressively move the multipath away from the truth signal. Note that multipath can only be delayed compared to the LOS signal.