Category: Mobile

SPECTRAL-GSM: A Web-Based GSM Interception Platform Built on OsmocomBB

OsmocomBB is an open-source project that replaces the stock baseband firmware on old Motorola phones (C118, C139, etc.) that use the Texas Instruments Calypso chipset. By flashing custom "layer23" firmware over serial, these cheap legacy handsets become capable of accessing raw GSM radio data at the baseband level, enabling cell scanning, burst capture, and passive subscriber identity harvesting.

SPECTRAL-GSM builds on this by wrapping OsmocomBB into a full GSM intelligence suite controlled from a single browser tab. The system supports up to five phones simultaneously and provides a structured pipeline: scan local GSM cells, capture raw bursts on a target channel, crack the A5/1 encryption using rainbow tables on a 2 TB SSD, and then use the recovered session key for real-time voice and SMS decryption. Additional modules handle passive IMSI catching, targeted single-IMSI surveillance, silent SMS location probing via a USB modem, and OpenCellID cell tower mapping.

The developer notes that the platform is intended for authorized research, law enforcement, and educational use. At the moment, Mini0com has not provided a link or website for the software, providing only a PDF file and video demonstrations of the system on their YouTube channel. Contact details for Mini0com can be found in the description of the YouTube videos below.

Spectral-GSM OsmocomBB

OTP Capture Demonstration Using Spectral-GSM OsmocomBB

CoronaSDR for iOS – A Free Native RTL_TCP Client

Thank you to Silviu YO6SAY for writing in and sharing with us news about the release of his iOS App called "CoronaSDR" which is a native client for receiving from rtl_tcp servers. rtl_tcp is a server program for RTL-SDRs that streams raw IQ data over a network connection.

Unlike Android, iOS does not allow third-party USB devices like the RTL-SDR to be used with its devices. But you can set up an rtl_tcp server on a networked PC or Raspberry Pi in your home, and connect to the data stream with an iOS app like CoronaSDR.

Silviu writes:

CoronaSDR is a free, native iOS app that connects to an rtl_tcp server on your local network (no cloud, no subscription).

Current features
• Live spectrum + waterfall (Metal / GPU-accelerated)
• Demod modes: AM / NFM / WFM / USB / LSB / CW
• RF controls: gain, PPM, direct sampling, offset tuning, bias-tee
• Stations with tags + CSV/TSV import/export
• List/range scanning with squelch hold/skip
• Background audio + lock screen controls

Known limitations (early build)
• Built solo so far — no external testers yet
• Most real-world testing to date has been NFM and WFM
• Other modes are implemented, but I’d consider them early until more field feedback comes in

Tested with an RTL-SDR Blog V4 (R828D) on a Raspberry Pi running rtl_tcp.

I’d really appreciate detailed feedback (device + iOS version, tuner type, rtl_tcp command, mode/frequency, and steps to reproduce any issues).
 
CoronaSDR - RTL_TCP Client for iOS Devices.

Multimon Pager Decoding on Android

Sarah (aka SignalsEverywhere) has recently released another open-source Android app that enables the multi-signal decoder Multimon-ng to be used on Android. Multimon-ng is a commonly used decoding app that supports various protocols such as POCSAG/FLEX pagers, as well as DTMF, ZVEI, EAS and more.

The app requires the SDR++ Android app to be running in the background with an SDR like an RTL-SDR connected. The role of SDR++ is to receive the signal and send the demodulated audio over a network connection to the Multimon-NG app, which performs the final decoding.

The app APK can be downloaded from Sarah's website via a minimum $0 donation, or alternatively, built and installed from source.

Multimon-ng on Android!

Pocket 25: An Android P25 Phase 1 Digital Voice Radio Decoder

Thank you to reader "EN53" for submitting news about a newly released open source Android app called Pocket 25. Pocket 25 is an Android-based APCO Project 25 (P25) phase 1 digital voice decoder based on the DSD-Neo decoder engine. It was developed by Sarah Rose (aka SignalsEverywhere), whose other software we have posted about in the past.

APCO P25 phase 1 trunked digital voice systems are commonly used in the United States, Canada, Australia, and other countries by emergency services. As long as the P25 network is unencrypted, it is commonly decoded to audio with an RTL-SDR and decoding software such as DSDPlus or SDRTrunk.

Pocket 25 allows users to now decode P25 signals on portable Android devices. An RTL-SDR can be connected to an Android device via a USB-OTG cable, or a remote networked RTL-SDR can be used via an rtl_tcp connection. The app also supports RadioReference accounts, automatic GPS site hopping, smart filtering, and logging.

In the readme, Sarah also notes that, because Pocket 25 is based on the DSD-Neo engine, it supports additional digital voice protocols, including DMR, NXDN, and others. However, the interface is designed around P25, so non-P25 systems may show incorrect metadata.

The software is open source, and the code can be found on GitHub. There is also an active discussion about the app on RadioReference.

Pocket25 | Running DSD-Neo on Android!

Reviving Old 1G Analog Cellphones and Demonstrating Their Security Flaws

Over on the YouTube channel "Nostalgia For Simplicity," the creator has uploaded a video where he revisits the original 1G analog cellular system, AMPS, to finally understand a mysterious phenomenon he experienced over 20 years ago as a kid, where he was able to unintentionally intercept other people's calls with his 1G phone. Using vintage hardware like the Ericsson DH668, he recreates a small AMPS network and confirms that the system is fully analog, instant, and surprisingly good-sounding. 

AMPS worked by dividing the spectrum into numbered voice channels, with each call occupying one channel at a time. In busy cities, simply tuning to an active channel could let you hear someone else’s call. In this revival setup, there is only one active call, making the effect easy to demonstrate. This is essentially wideband analog FM voice on fixed channels, something easily observable and demodulated with modern SDR hardware.

Investigating this ancient 1G tech has highlighted why 1G systems were fundamentally insecure and why the world moved on to digital standards. If you're interested, the other videos on his channel continue to explore early cell phones and their quirks.

I Revived 1G and Recreated a Childhood Mystery

[Also seen on Hackaday]

NSA GENESIS: How NSA Spies Snooped on Local RF Bands using Modified Cell Phones with a Built-in SDR

Over on YouTube, the "Spy Collection" channel has recently uploaded a video detailing the US National Security Agency's (NSA) GENESIS spy gadget. GENESIS was a modified Motorola cell phone that contained a full software-defined radio system within. This system allowed NSA agents to discreetly record the local RF spectrum for later analysis. For example, an agent may have been able to record the frequencies and RF protocols used at particular facilities of interest for use in later operations.

Details about the NSA GENESIS were revealed when the NSA's Advanced Network Technologies (ANT) catalogue was publicly leaked back in 2013. Originally, project GENESIS was due to be declassified in 2032.

Spy Collection also notes that the leaked documents indicate it is possible the phone was also used, or intended to be used, as a "finishing tool". In other words, a remotely detonated explosive phone that could be given to persons on the US terrorist list.

NSA's Leaked Secret GENESIS Cell Phone

SignalsEverywhere Android Project Updates: Satellite Tracker, HackTV NTSC Transmitter, OBS To HackTV, PacketShare and More

Recently, Sarah Rose Giddings (aka SignalsEverywhere) has been actively developing several radio and SDR based projects for Android, and she would like to provide an update on them.

First, as mentioned in a previous post, Sarah has been developing APRS.chat, an online mailbox system for APRS messages sent over RF. She has also been making progress on various other projects, including several useful Android apps, which she covered in her latest livestream.

Hangout Chat | Linux | HackRF NTSC Transmission | Android APPS and More!

Some of the links to the Android software she's working on have been provided below:

Works with Benshi Protocol Radios (VR-N76 UV-PRO etc)

Stuff Created After The Livestream

Help beta test Play Store Releases (Benshi Dash, Benshi Commander, APRS Chat): https://docs.google.com/forms/d/e/1FAIpQLSfNTrCBofQYam6f6CrZ8XxTxZw2vlOiaD6ehGs5NBOAbKkHWw/viewform?usp=header

Screenshots from Sarah's HackTV NTSC Transmitter

RF Analyzer V2.0 Released: RTL-SDR Compatible Android App

Thank you to Dennis Mantz @dennismantz for writing in and sharing with us the news that RF Analyzer V2.0 has been released for Android devices. RF Analyzer is a popular multimode Android app compatible with a vast number of SDRs, including the RTL-SDR. It also now supports the RTL-SDR Blog V4!

To use the app, you'll need a compatible RTL-SDR such as the RTL-SDR Blog V3/V4, an Android Phone or Tablet with USB OTG support, and a USB-OTG adapter. 

The new V2.0 is a complete rewrite from scratch. Dennis notes the improvements to the app below.

The app has been completely rewritten from scratch. It now features a modern Material Design UI, a more powerful and intuitive interface, and improved performance across the board.

- Support for demodulation while app is in the background
- Improved stability, demodulation and recording features
- Integrated user manual and contextual help
- Added support for RTL-SDR Blog v4

The app is not free, but it is priced at only a few dollars, and there is a 7-day free trial with a 60-minute time limit per session. The full feature list is shown below:

- Works with HackRF, RTL-SDR, or pre-recorded IQ files
- View live spectrum (FFT) and waterfall plots
- Demodulate AM, FM, SSB, and CW signals
- Record raw IQ samples for offline analysis
- A responsive and modern Material Design interface
- Scroll, zoom, and tune through the bands
- Built-in context-aware help and a full offline in-app manual

RF Analyzer V2.0 Running on an Android Mobile
RF Analyzer V2.0 On a Tablet

Dennis has also uploaded a video tutorial explaining how to use RF Analyzer V2.0, and there is a full online user manual available here.

RF Analyzer 2.0 - Quick Start Tutorial - Android SDR App