OsmocomBB is an open-source project that replaces the stock baseband firmware on old Motorola phones (C118, C139, etc.) that use the Texas Instruments Calypso chipset. By flashing custom "layer23" firmware over serial, these cheap legacy handsets become capable of accessing raw GSM radio data at the baseband level, enabling cell scanning, burst capture, and passive subscriber identity harvesting.
SPECTRAL-GSM builds on this by wrapping OsmocomBB into a full GSM intelligence suite controlled from a single browser tab. The system supports up to five phones simultaneously and provides a structured pipeline: scan local GSM cells, capture raw bursts on a target channel, crack the A5/1 encryption using rainbow tables on a 2 TB SSD, and then use the recovered session key for real-time voice and SMS decryption. Additional modules handle passive IMSI catching, targeted single-IMSI surveillance, silent SMS location probing via a USB modem, and OpenCellID cell tower mapping.
The developer notes that the platform is intended for authorized research, law enforcement, and educational use. At the moment, Mini0com has not provided a link or website to the software, only providing a PDF file, and video demonstrations of the system on their YouTube channel. Contact details for Mini0com can be found in the description on the YouTube videos below.
Spectral-GSM OsmocomBB
OTP Capture Demonstration Using Spectral-GSM OsmocomBB
Back in February, we posted about the beta release of Echo, an iOS app designed for browsing global web-based KiwiSDR, OpenWebRX, WebSDR, and FM-DX software-defined radios. Mark, the developer of Echo, has now officially released the app on the Apple App Store for free.
Echo turns your iPhone and iPad into a global radio receiver. Browse 2,000+ KiwiSDR, OpenWebRX, WebSDR, and FM-DX servers to hear shortwave, aviation, numbers stations, and distant FM in real time.
More information can also be found on the new echosdr.com website.
Echo iOS KiwiSDR, OpenWebRX, WebSDR and FM-DX Browser App
Over on his blog, cynicalGSD has written a detailed post about how he extended his home ADS-B flight tracking setup to also decode ACARS. His existing system runs an RTL-SDR dongle on a Raspberry Pi feeding a database and Flask web app. Adding ACARS required a second RTL-SDR and a separate VHF dipole antenna tuned for 129–131 MHz.
ACARS (Aircraft Communications Addressing and Reporting System) is a text-based datalink that has been in use since 1978, carrying short messages between aircraft and ground stations. It includes messages such as OOOI events (Out of gate, Off ground, On ground, Into gate), pilot weather reports, maintenance fault codes, and gate and fuel data. The key feature of their implementation is cross-referencing ACARS messages with existing ADS-B records via aircraft registration and ICAO hex address, enriching flight records with precise departure and arrival timestamps from the airline's own reporting system.
The full write-up covers the database schema, Python integration using acarsdec, gain tuning tips, and the Flask web interface. cynicalGSD mentions that the code is available for anyone interested, but we didn't see a link, so please comment on his post if you are interested.
Technical Summary of cynicalGSD's ACARS + ADS-B implementation.
Over on GitHub, Jean-Michel Friedt has uploaded new code, results, and findings from one of his latest experiments with passive radar. A simple passive radar system uses two coherent receive channels and two antennas. One antenna receives a clean reference signal from an illuminator of opportunity, such as an FM or TV transmitter, while the other surveillance antenna receives echoes from the area containing targets. By correlating the surveillance signal with the reference signal over different delays and Doppler shifts, the system produces a range-Doppler map showing potential targets.
The novel thing about Friedt's recent work is that the illuminator is a moving L/S-Band satellite in space. The illuminator used is the polar-orbiting NISAR, a NASA-ISRO satellite designed for synthetic aperture radar (SAR). SAR satellites create detailed images of Earth by sending radar pulses to the ground and combining the returning echoes collected as the satellite moves, effectively simulating a much larger antenna.
Part of the trouble with using NISAR as an illuminator is predicting when it will be illuminating your current location. Friedt's GitHub readme explains how the software does illumination prediction.
NISAR emits chirp signals at 20 MHz bandwidth in the L and S-band, so a wideband SDR is required to get the full resolution. In his setup, Friedt used an Ettus B210 or Enjoy Digital M2SDR SDR, with two active GNSS antennas.
The results show that he was able to successfully receive reflections of the satellite signal from the ground, transform the range-doppler data into map coordinates, and overlay them on a map.
Over on GitHub and YouTube, we've seen the release of Sarah Rose's new program called DeDECTive, a DECT 6.0 scanner and voice decoder for the HackRF running on Linux systems. DECT (Digital Enhanced Cordless Telecommunications) is a digital wireless protocol typically used by modern cordless phones.
Back in 2019, Sarah (previously known as Corrosive) demonstrated how to use gr-dect2 to decode DECT in a previous video. In her latest work, she's ported gr-dect2 to C++ and written a nice GUI for the decoder. This makes running and setting up the decoder a significantly better experience. The GUI has a wideband scanner and the ability to tune for a single DECT channel for full voice decoding. There is also a CLI version that will automatically tune to the first active voice channel.
We note that many DECT cordless phones use encryption, so this software may not work with those devices. In any case, please be aware that intercepting phone calls may be illegal in many jurisdictions.
Thank you to Christophe (F4DAN) for writing in about his new project called Wavelingo, an AI real-time shortwave radio translator. The software currently works with the KiwiSDR web SDR network. Christophe has a live public example running at wavelingo.app, however, with a 60-second timeout due to hosting cost constraints. Christophe writes:
Are you listening to a QSO in a foreign language on your transceiver? Click on the closest SDR (KiwiSDR fleet for now, more SDR to come in the future), and get real-time translations.
I opened a telegram channel to share updates and feedbacks on this projects - and provide support.
Thank you to Cameron from BlackAtlas LLC for submitting their project GridDown, which is an open source Android tablet-based situational awareness system designed to operate without an internet connection. At its core, it appears to be a tablet with custom software, and then you can add sensors such as an RTL-SDR for ADS-B+Remote ID, a SARSAT receiver, and a Meshtastic ESP32-S3+SX1262 device. A demonstration of the UI can be found at https://griddown.blackatlas.tech.
Cameron writes:
[GridDown is] an offline-first situational awareness platform built for emergency preparedness, field response, and tactical operations in infrastructure-degraded environments — designed to work when cell towers are down, internet is unavailable, and operators are fully off-grid.
The platform is a Progressive Web App (~120,000 lines of vanilla JavaScript, no frameworks) that runs on Samsung Galaxy tablets, laptops/PCs, and works completely offline after initial setup. It's built by BlackAtlas LLC and is available for trial at https://griddown.blackatlas.tech.
The system has many facets to it, including:
Encrypted voice and text messaging via an ESP32-S3 with SX1262 LoRa transceiver
Passive RF sensing with the ESP32-S3 and SX1262.
Three passive drone detection methods: WiFi fingerprinting, FAA Remote ID reception, and 900 MHz control/telemetry link detection
Automatic gunshot detection via a ES7210 quad-channel I2S microphone on the ESP32-S3.
Automatic RF jamming detection
SARSAT beacon receiver
SSTV Encode/Decode
Meshtastic integration
APRS via Bluetooth TNC
ADS-B reception
RadioCode gamma spectrometer integration
Offline maps
ADS-B detection is handled by a Raspberry Pi 5 running an RTL-SDR Blog V4 dongle. Cameron writes:
The Pi connects to the tablet's built-in WiFi hotspot (no internet required — the hotspot functions as a local network only), and a Node.js bridge reads aircraft data from readsb and subscribes to the Remote ID receiver's MQTT output, then serves a unified WebSocket and REST API to the tablet. GridDown renders aircraft and drone tracks as heading-rotated silhouette icons on its offline map with altitude labels, age-based alpha fade, and emergency squawk alerting (7500/7600/7700). A 10,000 mAh USB-C PD battery provides approximately 5 hours of field runtime for the Pi.
The full setup script, hub bridge, and hotspot connection scripts ship with the project.
The software is dual-licensed, with it being open source GPL v3 (note that the GitHub link appears to be broken - we have asked for clarification) for non-commercial use, or a commercial licence for hardware bundles and business deployments.
Alternatively, BlackAtlas LLC is selling ready-to-use kits, with the core tablet coming in at $799. Other bundles include the Tablet + SARSAT receiver for $1,299, the Tablet + Meshtastic bundle for $1,299, and the Tablet + ADS-B/Remote ID bundle for $1,999.
Thank you to Janble for writing in and sharing with us their new software called "RDF-J / ECM-J SYSTEM". These are two distinct programs in a package.
The software is not open source, and it appears that Janble wishes to sell the software to interested parties. Currently, they do not have a website, and they wish to refer interested parties to their X post for more information on pricing and how to obtain the software. As with any closed-source software, we can only recommend that interested parties do their own due diligence on the safety of the software.
RDF-J is a Time Difference of Arrival (TDoA) and signal strength-based radio direction finding program, which utilizes multiple HackRF software-defined radios spread out over an area. Janble writes that the radio direction finding system can operate using either TDoA and signal strength methods independently or together, with a minimum of three nodes being required, and ideally five.
We clarified with Janble that the TDoA system uses a GPS synchronization approach to achieve the required timing accuracy.
The second program, part of the same package, is ECM-J, which is an electronic countermeasure system. It appears to use a HackRF to transmit a jamming signal. Obviously, jamming is illegal in most countries, so this is to be used at your own risk.
Janble has sent us a PDF showing the software in more detail, and they have uploaded a YouTube video, shown below.
📡 RDF-J / ECM-J SYSTEM(Radio Direction Findi-Electronic Countermeasures)
