In May of 2000, then-President Bill Clinton signed a directive that would improve the accuracy of GPS for anyone. Before this switch was flipped, this ability was only available to the military. What followed was an onslaught of GPS devices most noticeable in everyday navigation systems. The large amount of new devices on the market also drove the price down to the point where almost anyone can build their own GPS tracking device from scratch.
The GPS tracker that [Vadim] created makes use not just of GPS, but of the GSM network as well. He uses a Neoway M590 GSM module for access to the cellular network and a NEO-6 GPS module. The cell network is used to send SMS messages that detail the location of the unit itself. Everything is controlled with an ATmega328P, and a lithium-ion battery and some capacitors round out the fully integrated build.
[Vadim] goes into great detail about how all of the modules operate, and has step-by-step instructions on their use that go beyond what one would typically find in a mundane datasheet. The pairing of the GSM and GPS modules seems to go match up well together, much like we have seen GPS and APRS pair for a similar purpose: tracking weather balloons.
Anyone who had a cheap set of computer speakers in the early 2000s has heard it – the rhythmic dit-da-dit-dit of a GSM phone pinging a cell tower once an hour or so. [153armstrong] has a write up on how to capture this on your computer.
It’s incredibly simple to do – simply plug in a set of headphone to the sound card’s microphone jack, leave a mobile phone nearby, hit record, and wait. The headphone wire acts as an antenna, and when the phone transmits, it induces a current in the wire, which is picked up by the soundcard.
[153armstrong] notes that their setup only seems to pick up signals from 2G phones, likely using GSM. It doesn’t seem to pick up anything from 3G or 4G phones. We’d wager this is due to the difference in the way different cellular technologies transmit – let us know what you think in the comments.
This system is useful as a way to detect a transmitting phone at close range, however due to the limited bandwidth of a computer soundcard, it is in no way capable of actually decoding the transmissions. As far as other experiments go, why not use your soundcard to detect lightning?
Electric gates can be an excellent labor-saving device, allowing one to remain in a vehicle while the gate opens and closes by remote activation. However, it can become somewhat of a hassle juggling the various remotes and keyfobs required, so [bredman] devised an alternative solution – controlling an electric gate over the mobile network.
20 years ago, this might have been achieved by wiring a series of relays up to the ringer of a carphone. These days, it’s a little more sophisticated – a GSM/GPRS module is connected to an Arduino Nano. When an incoming call is detected, the gate is opened. After a 3 minute wait, the gate is once again closed.
[bredman] suffered some setbacks during the project, due to the vagaries of working with serial on the Arduino Nano and the reset line on the A6 GSM module. However, overall, the gate was a simple device to interface with, as like many such appliances, it has well-labelled and documented pins for sending the gate open and close signals.
[bredman] was careful to design the system to avoid unwanted operation. The system is designed to always automatically close the gate, so no matter how many times the controller is called, the gate will always end up in a closed state. Special attention was also paid to making sure the controller could gracefully handle losing connection to the mobile network. It’s choices like these that can make a project much more satisfying to use – a gate system that constantly requires attention and rebooting will likely not last long with its users.
Overall, it’s a great project that shows how accessible such projects are – with some carefully chosen modules and mastery of serial communications, it’s a cinch to put together a project to connect almost anything to the Internet or mobile networks these days. For a different take, check out this garage door opener that logs to Google Drive.
[Paul] has put together an insanely small yet powerful tracker for monitoring all the things. The USB TinyTracker is a device that packages a 48MHz processor, 2G modem, GPS receiver, 9DOF motion sensor, barometer, microphone, and micro-SD slot for data storage. He managed to get it all to fit into a USB thumb drive enclosure, meaning that you can program it however you want in the Arduino IDE, then plug it into any USB port and let it run. This enables things like remote monitoring, asset tracking, and all kinds of spy-like activity.
One of the most unusual aspects of his project, though, is this line: “Everything came together very nicely and the height of parts and PCBs is exactly as I planned.” [Paul] had picked out an enclosure that was only supposed to fit a single PCB, but with some careful calculations, and picky component selection, he managed to fit everything onto two 2-layer boards that snap together with a connector and fit inside the enclosure.
We’ve followed [Paul’s] progress on this project with an earlier iteration of his GSM GPS Tracker, which used a Teensy and fit snugly into a handlebar, but this one is much more versatile.
Today, there are dozens of off-the-shelf solutions for a GPS tracking device. Most of them use GSM, some of them use satellites, and all of them are astonishingly inexpensive. If you want to track a car, dog, or your luggage, you’ve never had more options.
[Emilio] wanted to track his own car, and the original solution for this was a smartphone. This smartphone was also a good choice, as it’s a programmable GPS device connected to a cell network, but there had to be a simpler solution. It came in the form of an eight euro GPS module and a three euro GSM module (Google Translatrix right here). The rest of the hardware is an ATMega48V [Emilio] had sitting around and a 2500 mAh lithium cell. It’s a cellular tracker make out of eleven euro’s worth of hardware and some junk in a drawer.
There are only a few caveats to this hardware. First, the ATmega48V only has one UART. This is connected to the GPS module at 9600, 8N1. The connection to the GSM M-590 module is only 2400 bps, and slow enough for a bitbanged UART. This hardware is soldered to a piece of perfboard, thus ending the hardware part of this build.
The software is a little more complex, but not by very much. The GPS part of the firmware records the current latitude and longitude. If the GSM module receives a call, it replies with an SMS of the current GPS coordinates and a few GPS coordinates seen earlier. Of course, a pre-paid SIM is required for this build, but those are cheap enough.
Not even ten years ago, a simple, DIY GPS tracker would have cost a small fortune. Now that we have cheap GPS modules, GSM modules, and more magical electronics from the East, builds like this are easy and cheap. What a magical time to be alive.
[gw0udm] had an ancient monitored alarm system fitted to their home, and decided it was time to upgrade to something a little more modern. They chose a system from Texecom, but when it came time to hook it up to their computer, they were alarmed at the costs – £40 for what amounted to a USB-to-Serial cable! There were other overpriced modules too. But [gw0udm] wanted to upgrade, so it was time to hack the system.
The first step was grabbing a £4 USB-to-Serial board and wiring it up – a simple job for the skilled hacker. As we always say – everything speaks serial. [gw0udm] then set their sights higher – they wanted the Ethernet interface but weren’t about to cough up the coin. After some research, it was determined that a Raspberry Pi could be used with a utility called ser2net with the existing serial interface to do pretty much the same job. It was a simple matter of figuring out the parity and messaging format to get things up and running.
From there, the project moves on to tackling the creation of a GSM module for monitoring in the absence of a local network, and on flashing the firmware of the system itself. It’s great to see a project continually grow and expand the functionality of a product over time.
We see a lot of security systems here at Hackaday – high prices and proprietary hardware tend to inspire the hacker spirit. Check out this reverse engineering of an obsolete 1980s system, resplendent with Eurostile font.
If you want to eavesdrop on GSM phone conversations or data, it pays to have deep pockets, because you’re going to need to listen to a wide frequency range. Or, you can just use two cheap RTL-SDR units and some clever syncing software. [Piotr Krysik] presented his work on budget GSM hacking at Camp++ in August 2016, and the video of the presentation just came online now (embedded below). The punchline is a method of listening to both the uplink and downlink channels for a pittance.
[Piotr] knows his GSM phone tech, studying it by day and hacking on a GnuRadio GSM decoder by night. His presentation bears this out, and is a great overview of GSM hacking from 2007 to the present. The impetus for Multi-RTL comes out of this work as well. Although it was possible to hack into a cheap phone or use a single RTL-SDR to receive GSM signals, eavesdropping on both the uplink and downlink channels was still out of reach, because it required more bandwidth than the cheap RTL-SDR had. More like the bandwidth of two cheap RTL-SDR modules.
Getting two RTL-SDR modules to operate in phase is as easy as desoldering a crystal from one and slaving it to the other. Aligning the two absolutely in time required a very sweet hack. It turns out that the absolute timing is retained after a frequency switch, so both RTL-SDRs switch to the same channel, lock together on a single signal, and then switch back off, one to the uplink frequency and the other to the downlink. Multi-RTL is a GnuRadio source that takes care of this for you. Bam! Hundreds or thousands of dollar’s worth of gear replaced by commodity hardware you can buy anywhere for less than a fancy dinner. That’s a great hack, and a great presentation.
Continue reading “GSM Sniffing on a Budget with Multi-RTL”