Shmoocon 2017: Dig Out Your Old Brick Phone

The 90s were a wonderful time for portable communications devices. Cell phones had mass, real buttons, and thick batteries – everything you want in next year’s flagship phone. Unfortunately, Zach Morris’ phone hasn’t been able to find a tower for the last decade, but that doesn’t mean these phones are dead. This weekend at Shmoocon, [Brandon Creighton] brought these phones back to life. The Motorola DynaTAC lives again.

[Brandon] has a history of building ad-hoc cell phone networks. A few years ago, he was part of Ninja Tel, the group that set up their own cell phone network at DEF CON. That was a GSM network, and brickphones are so much cooler, so for the last few months he’s set his sights on building out a 1G network. All the code is up on GitHub, and the hardware requirements for building a 1G tower are pretty light; you can roll your own 1G network for about $400.

The first step in building a 1G network, properly referred to as an AMPS network, is simply reading the documentation. The entire spec is only 136 pages, it’s simple enough for a single person to wrap their head around, and the concept of a ‘call’ really doesn’t exist. AMPS looks more like a trunking system, and the voice channels are just FM. All of this info was translated into GNU Radio blocks, and [Brandon] could place a call to an old Motorola flip phone.

As far as hardware is concerned, AMPS is pretty lightweight when compared to the capabilities of modern SDR hardware. The live demo setup used an Ettus Research USRP N210, but this is overkill. These phones operate around 824-849 MHz with minimal bandwidth, so a base station could easily be assembled from a single HackRF and an RTL-SDR dongle.

Yes, the phones are old, but there is one great bonus concerning AMPS. Nobody is really using these frequencies anymore in the US. That’s not to say building your own unlicensed 1G tower in the US is legally permissible, but if nobody reports you, you can probably get away with it.

30 thoughts on “Shmoocon 2017: Dig Out Your Old Brick Phone”

  1. Holy crap that’s cool. I’ve wanted a DynaTAC for basically forever… but I’ve been held back by the fact that it’s not very practical to have a phone that can’t really make calls any more. (I try to think of myself as a tinkerer, dev, or at least user, and not a collector, which also doesn’t help.)

    I’d love to see a way to make a base station that bridged to existing ‘big’ 3g networks –2g is dead and buried in my area– or even to a landline connection. (FWIW, I have AT&T for my cell phones, and CenturyLink is the local landline provider… they suck, big-time, but I can get past that for something like this.)

    Note that I’m not interested in getting arrested, so I’d probably want the base station coverage to be about the size of my house… a seventy-five-foot radius would be all that and more. I’d use it more as a “cordless” than as a mobile phone.

    1. Bridging to the public phone network is surely pretty easy. Just connect up to a land line. An old voice modem should do it, typically you send them some AT commands then standard 8-bit PCM audio. From there, you’ve got the whole world.

      Or else just use the jack connection on a mobile for headset / mic. Or Bluetooth if you want to be sophisticated about it. Extra points (LOTS of extra points!) if you can do Bluetooth over the same SDR you’re using for 1G.

    1. What we really need is to come into contact with a technologically inferior alien race, then Bono can do a charity song and we ship them all the old gear.

      I’ll even volunteer to move over and be considered a wizard.

      1. You mean we sacrifice Bono to their god then prove that their gods don’t exist because our god is better then we plunder all their natural resource in the name of patriotism while being heralded as creative thinkers and intergalactic heroes.

        1. I don’t really know about all that. But I’m definitely up for sacrificing Bono. Any cause will do. Shouldn’t take much to convince him to do it. He’s spent his life working up to becoming Christ, tell him this is the final step.

    2. My cheap Chinese phone-watch is 2G-only, so be a bit of a shame when it goes over here. Then again I only use it for Bluetoothing up to my actual phone, I just use it to inform me who’s calling. Saves taking the phone out of my pocket.

      Still when 2G finally dies in most of the world, those cheap Mediatek chipsets that seem to be in every Chinaphone will have to be replaced by the 3G versions. Which Mediatek also make, I think the cheap Ebay phone manufacturers are just saving money using 2G.

  2. Now the next step is adding a VoIP trunk component. This way, you could actually call out (or in) using this. Sadly, it’d probably be illegal to put this in a backpack with an LTE hotspot and a Pi or something to run everything so you could walk around calling on your brick phone.

  3. The AMPS frequencies are still widely used for newer cellphone standards in the US. I have no idea why the author thinks they are unused.
    The only reason you might get away with running an AMPS cell at any real power level is that newer standards are able to operate in the presence of narrow band interference. Even so, if you run it for a long enough time, one of the cell companies will be out looking for the signal that’s raising their noise floor.

    1. I just looked it up. In addition to being the GSM 850 band, these frequencies are assigned as LTE band 5, so they are used for 4G. There’s probably a billion dollars of spectrum there.

    2. Yup, and in many countries the military and other agencies actively monitor the entire spectrum with phase/time difference receivers with remote units deployed on building roofs, towers etc, ie they don’t even need to point the antenna to find from where the interference comes, because it’s just a matter of correlating what the receivers get wrt time and phase. I’m not sure if this is the better toy to play with in the age when a wrong haircut can result in a home raid by black dressed legalized thugs with license to kill.

  4. People looking for your signal will especially have a hard time due to all the knee-jerk no-listening-to-phones laws that put a spectrum hole on the AMPS band area on most radios.

    1. One frequency for Euro-GSM is 900MHz. That’s not analogue though, and I dunno if anywhere outside the USA used AMPS. The USA has been a bit weird over the years, in using their own systems for mobile phones. It’s only with 3G they joined the rest of the world.

      1. The Euro analog 1G network was NMT (both 450MHz and 900MHz), TACS/ETACS (this ada USA-style band and was modified AMPS) and C-Netz, which was a German system.
        NMT900 and NMT450 were the most widely deployed ones.

  5. Member banpaia? member brick phones, member the 9122 revision to copy and alter ESNs. Member tumbler phones? Member the oki 900? I member! amps was balls. I still have a box of these phones.
