Build Your Own GSM Base Station For Fun And Profit

Over the last few years, news that police, military, and intelligence organizations use portable cellular phone surveillance devices – colloquially known as the ‘Stingray’ – has gotten out, despite their best efforts to keep a lid on the practice. There are legitimate privacy and legal concerns, but there’s also some fun tech in mobile cell-phone stations.

Off-the-shelf Stingray devices cost somewhere between $16,000 and $125,000, far too rich for a poor hacker’s pocketbook. Of course, what the government can do for $100,000, anyone else can do for five hundred. Here’s how you build your own Stingray using off-the-shelf hardware.

[Simone] has been playing around with a brand new BladeRF x40, a USB 3.0 software defined radio that operates in full duplex. It costs $420. This, combined with two rubber duck antennas, a Raspberry Pi 3, and a USB power bank is all the hardware you need. Software is a little trickier, but [Simone] has all the instructions.

Of course, if you want to look at the less legitimate applications of this hardware, [Simone]’s build is only good at receiving/tapping/intercepting unencrypted GSM signals. It’s great if you want to set up a few base stations at Burning Man and hand out SIM cards like ecstasy, but GSM has encryption. You won’t be able to decrypt every GSM signal this system can see without a little bit of work.

Luckily, GSM is horribly, horribly broken. At CCCamp in 2007, [Steve Schear] and [David Hulton] started building a rainbow table of the A5 ciphers that are used on a GSM network between the handset and tower. GSM cracking is open source, and there are flaws in GPRS, the method GSM networks use to relay data transmissions to handsets. In case you haven’t noticed, GSM is completely broken.

Thanks [Justin] for the tip.

Smartphone and IR Line Laser Measure Distance

Measuring the distance using lasers is a mainstay of self-driving vehicles and ambitious robotics projects. The fine folks at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) decided to tackle the problem in an innovative way. [Jason H. Gao] and [Li-Shiuan Peh] used an infra-red (IR) line laser and the camera on a smartphone. Their prototype cost only $49 since they used a smartphone that was on hand. The article reports good results using the device outdoors in direct sunlight which is often a challenge for inexpensive lidars.

The line laser creates a horizontal line that is reflected back to the camera on the phone. The vertical position of the laser on the camera image lets the phone calculate the distance by parallax. To bring out a faint laser reflection, the algorithm compares four images – two with the laser on and two with it off – and subtracts the background. Using a smartphone for this is ideal since it automatically adjusts for light level and can easily be upgraded to a newer phone with a better camera later.
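The two steps described above (background subtraction, then triangulation from the line's vertical position) can be sketched as follows. This is an added example, not code from the article or from the CSAIL authors. The focal length, baseline, image size, the averaging of each frame pair and the `z = f * b / offset` geometry are assumptions, and the frames are constructed test data.

```python
FOCAL_PX = 1000.0   # assumed camera focal length, in pixels
BASELINE_M = 0.05   # assumed vertical laser-to-camera offset, in metres
CENTER_ROW = 20     # assumed optical-centre row of the 40-row test image

def mean_frames(a, b):
    """Pixel-wise mean of two equally sized grayscale frames (lists of rows)."""
    return [[(p + q) / 2 for p, q in zip(ra, rb)] for ra, rb in zip(a, b)]

def laser_signal(on1, on2, off1, off2):
    """Averaged laser-on frames minus averaged laser-off frames, clamped at 0."""
    on, off = mean_frames(on1, on2), mean_frames(off1, off2)
    return [[max(p - q, 0.0) for p, q in zip(ro, rf)] for ro, rf in zip(on, off)]

def laser_rows(signal, min_peak=10.0):
    """Per column: row of the strongest residual, or None if it is too weak."""
    rows = []
    for c in range(len(signal[0])):
        col = [row[c] for row in signal]
        peak = max(col)
        rows.append(col.index(peak) if peak >= min_peak else None)
    return rows

def distances(rows):
    """Triangulate each column: z = f * b / (row offset from optical centre)."""
    out = []
    for r in rows:
        offset = None if r is None else r - CENTER_ROW
        out.append(FOCAL_PX * BASELINE_M / offset if offset and offset > 0 else None)
    return out

def make_frame(background, laser_row_by_col=None, laser_gain=30):
    """Constructed test frame: background plus an optional faint laser line."""
    frame = [row[:] for row in background]
    for c, r in enumerate(laser_row_by_col or []):
        if r is not None:
            frame[r][c] += laser_gain
    return frame

def demo():
    # Constructed sunlit scene: a stripe at row 5 outshines the laser line.
    bg = [[250 if r == 5 else 200 for _ in range(4)] for r in range(40)]
    line = [30, 25, 22, None]  # laser row per column; last column has no return
    on1, on2 = make_frame(bg, line), make_frame(bg, line)
    off1, off2 = make_frame(bg), make_frame(bg)
    off2[5][0] += 4  # small frame-to-frame noise in one laser-off frame
    return distances(laser_rows(laser_signal(on1, on2, off1, off2)))

if __name__ == "__main__":
    print(demo())
```

In the constructed scene the brightest pixel of every raw laser-on column is the background stripe, so picking the line without subtraction would land on the wrong row.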

This should be a cheap and easily replicable setup. If you make one of these, let us know. If you need something more refined, check out this post on interfacing the Neato vacuum cleaner’s XV-11a lidar with the Raspberry Pi.


App Control With Ease Using Blynk

App development is not fun for everyone, and sometimes you just want to control a device from your phone with minimal work. Blynk appears to be a fairly put-together library for not only hooking up any Arduino or ESP8266 to a phone through WiFi, but also through the net if desired.

Install the app onto your iPhone or Android device. Install the libraries on your computer. Next, modify your Arduino source to either pass direct control of a pin to Blynk, or connect Blynk to a virtual pin inside your code for more advanced control. If you want to go the easy route, create an account, log into the app, and drag and drop the interface you’d like. If the idea of letting some corporation host your Arduino project sends shivers down your spine, there is also an option to host your own server. (Editorial snark: Yes, it requires a server. That’s the cost of “simplicity”.)

There have been a few times where we’ve wished we could add app control to our projects, but installing all the libraries and learning a new language just to see a button on a screen didn’t seem worth it. This is a great solution. Have any of you had experience using it?

$3 Smartphone From India

The release of the Ringing Bells Freedom 251 means exciting things for India, and if it goes well possibly the hacker community, too. This $3 device comes with all the things you’d expect from your standard smartphone. Considering any of the individual components alone (4″ IPS screen, cell modem, 1450 mAh battery, 1.3 GHz quad-core processor, 3.2 MP front and 0.3 MP rear cameras) could cost more than the whole thing put together, some skepticism is warranted.

There is speculation about how this is possible given Ringing Bells’ claims of no government subsidies. Considering the prototype presented to the media was from Chinese company Adcom, this may be a big scam in the making. The BBC does an examination of the many ways this seems sketchy, including the lack of appropriate government approvals (like the Indian equivalent of the FCC), and the experience of the company selling it (established in 2015).

Still, consider us curious and hopeful that we may have a new tool as useful and cheap as the ESP8266 has been. That said, it will be interesting to see whether the company can maintain stock and limit hardware sales to their intended market, or whether a curious world electronics ecosystem will make them a scarce stock item.

[via BBC]

Robo Car Via 3G

[Emil Kalstø] has a pretty solid remote control car. We don’t mean a little car with a handheld remote you can drive around the neighborhood. [Emil’s] car has a camera and a cell phone so that it can go anywhere there’s 3G or 4G networking available.

The video (see below) shows the results (along with [Emil’s] little brother acting as a safety officer). The video offers tantalizing detail you might find useful if you want to reproduce a similar vehicle. However, it stops short of providing complete details.

The two batteries onboard will power the vehicle for over 20 hours of continuous use. The 30W motor is reduced with a chain drive to go about “walking speed.” There’s a Raspberry Pi with a Huawei 3G USB dongle onboard and [Emil] uses an XBox controller to do the steering from the warmth of his living room. Of course, a Pi can’t handle a big motor like that directly, so a Phidgets USB motor controller does the hard work. The software is written using Node.js.

The camera mount can swivel 230 degrees on a servo so that the operator can scan the road ahead. The video mentions that steering the car required a heavy-duty servo with metal gears (an earlier attempt with nylon gears didn’t work out).

Overall, it looks like a solid build. We hope [Emil] will share code and more details soon. If you can’t wait (and your insurance is paid up), you might have a go at an even bigger car. Surprisingly, there’s more than one example of that.


Building One Thing In China

Conventional wisdom dictates that if you need to make a million of something, you go to China. China is all about manufacturing, and there aren’t many other places on the planet that have the industry and government-subsidized shipping that will bring your product from China to people around the world. Building a million things in China is one thing, but what about building one thing? How do you create a working prototype of your latest product, and how do you make that prototype look like something that isn’t held together with zip ties and hot glue? The folks at Hatch Manufacturing have a guide for doing just that, and lucky for us, it’s a process that’s easy to replicate in any well-equipped shop.

In this tutorial/case study/PR blitz, Hatch Manufacturing takes on constructing a one-off smartphone. The Huaqiangbei markets in Shenzhen are filled with vendors selling smartphones of all shapes and sizes. If you want a miniature iPhone running Android, that’s no problem. If you want a phone that looks like a 1969 Dodge Charger with the Stars and Bars on top, you can find it in China. But how are all these phones made, and how do you show off a prototype to factories begging for business?

The answer, as is always the case, comes from one-off manufacturing. Building, assembling and reworking PCBs is a well-trodden path whose process could fill several volumes, but for this post, Hatch Manufacturing decided to focus on the plastics that go into a smartphone or tablet.

Once the case or enclosure is designed with a few CAD tools, a block of plastic is run through a mill. After that, it’s a matter of painting and finishing the latest smartphone that will show up in the Chinese market. Putting a professional finish on a block of plastic is something that will look familiar to anyone who has ever assembled a miniature plastic model. There’s priming, airbrushing, sanding, more painting, sanding, wet sanding, and still more sanding. After that comes polishing the plastic part to a fine finish. It is extraordinarily labor intensive work even for a skilled hand with the right equipment.

Once the plastics are done, the PCB, display, battery, and everything else comes together in a completely custom one-off prototype. It’s very similar to how this would be done in any small shop with a benchtop mill and a dozen grades of wet/dry sandpaper. It’s also something anyone can do, provided they have enough practice and patience.

Snooping on SIM Cards

[Nils Pipenbrinck] has been working on a very interesting problem. The SIM card in your cellphone talks to the contactless near-field communication (NFC) chip through a cool protocol that we’d never heard of until reading his blog: single wire protocol (SWP).

The SIM card in your cellphone has only a limited number of physical connections — and by the time NFC technology came on the scene all but one of them was in use. But the NFC controller and the SIM need full-duplex communications. So the SWP works bi-directionally on just one wire; one device modulates the voltage on the line, while the other modulates the current, essentially by switching a load in and out.

This signalling protocol makes snooping on this data line tricky. So to start off his explorations with SWP, [Nils] built his own transceiver. That led [Nils] to some very sensitive analog sniffer circuit design that he’s just come up with.

If you get interested in SWP, you’ll find the slides from this fantastic presentation (PDF) helpful, and they propose a solution very similar to the one that [Nils] ended up implementing. That’s not taking anything away from [Nils]’s amazing work: with tricky high-speed analog circuitry like this, the implementation can be more than half of the battle! And we’ll surely be following [Nils]’s blog to see where he takes this.

Banner image: An old version and a new version of the transceiver prototype.

Thanks to [Tim Riemann] for the tip!