Running a 1G Mobile Phone Network with a HackRF

First generation (1G) mobile phone technology was brought out in the 80’s and was an unsecured analogue system. These days 1G technology is completely phased out in favor of digital standards like 2G (GSM), 3G and 4G LTE and so those old 1G handsets are now useless. However, at Shmoocon 2017 presenter Brandon Creighton delivered a talk where he showed how to use a TX capable SDR like a USRP or HackRF to create your own home 1G system that allows those old brick phones to be useful once again.

The actual video of the conference talk won’t be available online until about half way through the year but the blurb read:

AMPS, the first widely deployed cellular network in the US, was old enough that it had been designed by pre-breakup Bell, yet robust enough to survive for decades in service. Unlike LTE or even GSM, it was also a protocol simple enough to be described in a fairly short specification; if you wanted to you could listen to calls with a TV tuner (or modified phone).

This is a talk on the design and implementation of gr-amps, a set of GNU Radio blocks that can turn a TX-capable software-defined radio into a base station for AMPS devices–including that brick phone in your basement. No background in SDR is necessary to follow along (but it doesn’t hurt).

Expect detours into near-forgotten phreaker history: the weaknesses that enabled phone cloning, the efforts of wireless carriers and the US government to fight exploitation, and more.

The GNU Radio code to run your own AMPS (1G) system is available on GitHub.  It has been tested on a USRP and HackRF.

lethalweaponcellphone

[Also seen on Hackaday]

Tweet50
Share56
Reddit
Vote
Email
106 Shares

Related posts:

  1. Using the SDRplay and SDRTouch on an Android Mobile Phone
  2. Exposing Cordless Phone Security with a HackRF
  3. RTL-SDR Cell Phone IMSI, TMSI and Key Sniffer
  4. HackRF Blue: A Lower Cost HackRF
  5. HackRF Blue Shipped and HackRF One Updates
Subscribe
Notify of
guest

8 Comments
Inline Feedbacks
View all comments
oh2gxn
#83296

Old brick, eh? http://oh3tr.ele.tut.fi/english/modifications.html

0
Reply
Bob
#83273

Please, somebody, make NMT450 system as well!!

0
Reply
Adam
#83274

You better buy the RS9040 base station from me for 250 Euro and the duplexer for that station for 150 Euro.
150 W of brute force.
As a gift, you can pick up the original antenna, 5 mtrs long, for that setup, free of charge 🙂

By the way, how he manage a full duplex radio with the HackRF ?

0
Reply
admin
#83283

I think they mentioned that an RTL-SDR would be used as the receiver for full-duplex.

-1
Reply
Robby
#83289

I think all HackRF owner will full duplex in the nearest future.
Mossman is testing new addon board for hackrf.
https://github.com/mossmann/hackrf/pull/282

0
Reply
Bob
#83290

Adam,
no, this is not interesting. In present reality is more interesting to get the NMT system working on SDR.
It shouldn’t be a difficult, because the AMPS system was developed for gnuradio. In NMT nothing new, just other protocols, but the same analog voice via air.

0
Reply
Alexey
#85696

check this out https://www.youtube.com/watch?v=y_YMbUXN47s
I believe I saw the sources on github somewhere

0
Reply
D2
#84816

Hi Adam, i am very interestet in your barestation with duplexer and other things, plese can you let me know some contact ?
thanks!

0
Reply