Shmoocon 2017: Dig Out Your Old Brick Phone

The 90s were a wonderful time for portable communications devices. Cell phones had mass, real buttons, and thick batteries – everything you want in next year’s flagship phone. Unfortunately, Zach Morris’ phone hasn’t been able to find a tower for the last decade, but that doesn’t mean these phones are dead. This weekend at Shmoocon, [Brandon Creighton] brought these phones back to life. The Motorola DynaTAC lives again.

[Brandon] has a history of building ad-hoc cell phone networks. A few years ago, he was part of Ninja Tel, the group that set up their own cell phone network at DEF CON. That was a GSM network, and brickphones are so much cooler, so for the last few months he’s set his sights on building out a 1G network. All the code is up on GitHub, and the hardware requirements for building a 1G tower are pretty light; you can roll your own 1G network for about $400.

The first step in building a 1G network, properly referred to as an AMPS network, is simply reading the documentation. The entire spec is only 136 pages; it’s simple enough for a single person to wrap their head around, and the concept of a ‘call’ really doesn’t exist. AMPS looks more like a trunking system, and the voice channels are just FM. All of this info was translated into GNU Radio blocks, and [Brandon] could place a call to an old Motorola flip phone.

As far as hardware is concerned, AMPS is pretty lightweight when compared to the capabilities of modern SDR hardware. The live demo setup used an Ettus Research USRP N210, but this is overkill. These phones operate around 824-849 MHz with minimal bandwidth, so a base station could easily be assembled from a single HackRF and an RTL-SDR dongle.

Yes, the phones are old, but there is one great bonus concerning AMPS. Nobody is really using these frequencies anymore in the US. That’s not to say building your own unlicensed 1G tower in the US is legally permissible, but if nobody reports you, you can probably get away with it.

37 thoughts on “Shmoocon 2017: Dig Out Your Old Brick Phone”

  1. Holy crap that’s cool. I’ve wanted a DynaTAC for basically forever… but I’ve been held back by the fact that it’s not very practical to have a phone that can’t really make calls any more. (I try to think of myself as a tinkerer, dev, or at least user, and not a collector, which also doesn’t help.)

    I’d love to see a way to make a base station that bridged to existing ‘big’ 3g networks –2g is dead and buried in my area– or even to a landline connection. (FWIW, I have AT&T for my cell phones, and CenturyLink is the local landline provider… they suck, big-time, but I can get past that for something like this.)

    Note that I’m not interested in getting arrested, so I’d probably want the base station coverage to be about the size of my house… a seventy-five-foot radius would be all that and more. I’d use it more as a “cordless” than as a mobile phone.

    1. Bridging to the public phone network is surely pretty easy. Just connect up to a land line. An old voice modem should do it, typically you send them some AT commands then standard 8-bit PCM audio. From there, you’ve got the whole world.

      Or else just use the jack connection on a mobile for headset / mic. Or Bluetooth if you want to be sophisticated about it. Extra points (LOTS of extra points!) if you can do Bluetooth over the same SDR you’re using for 1G.

    1. What we really need is to come into contact with a technologically inferior alien race, then Bono can do a charity song and we ship them all the old gear.

      I’ll even volunteer to move over and be considered a wizard.

      1. You mean we sacrifice Bono to their god then prove that their gods don’t exist because our god is better then we plunder all their natural resource in the name of patriotism while being heralded as creative thinkers and intergalactic heroes.

        1. I don’t really know about all that. But I’m definitely up for sacrificing Bono. Any cause will do. Shouldn’t take much to convince him to do it. He’s spent his life working up to becoming Christ, tell him this is the final step.

    2. My cheap Chinese phone-watch is 2G-only, so be a bit of a shame when it goes over here. Then again I only use it for Bluetoothing up to my actual phone, I just use it to inform me who’s calling. Saves taking the phone out of my pocket.

      Still when 2G finally dies in most of the world, those cheap Mediatek chipsets that seem to be in every Chinaphone will have to be replaced by the 3G versions. Which Mediatek also make, I think the cheap Ebay phone manufacturers are just saving money using 2G.

  2. Now the next step is adding a VoIP trunk component. This way, you could actually call out (or in) using this. Sadly, it’d probably be illegal to put this in a backpack with an LTE hotspot and a Pi or something to run everything so you could walk around calling on your brick phone.

  3. The AMPS frequencies are still widely used for newer cellphone standards in the US. I have no idea why the author thinks they are unused.
    The only reason you might get away with running an AMPS cell at any real power level is that newer standards are able to operate in the presence of narrow band interference. Even so, if you run it for a long enough time, one of the cell companies will be out looking for the signal that’s raising their noise floor.

    1. I just looked it up. In addition to being the GSM 850 band, these frequencies are assigned as LTE band 5, so they are used for 4G. There’s probably a billion dollars of spectrum there.

    2. Yup, and in many countries the military and other agencies actively monitor the entire spectrum with phase/time difference receivers with remote units deployed on building roofs, towers etc, ie they don’t even need to point the antenna to find from where the interference comes, because it’s just a matter of correlating what the receivers get wrt time and phase. I’m not sure if this is the better toy to play with in the age when a wrong haircut can result in a home raid by black dressed legalized thugs with license to kill.

      1. Hahaha, that happens because you live in the US; if you come to South America I guarantee you’ll be able to do that and more, even set up your AMPS network without problems, since it will be a long time before they find you. Yes, it’s true, those frequencies are in use, and there really is a lot of money involved. But I have many AMPS phones that I love; I got to use them in the late 90s, when I was already a teenager, and my favorites were and are the MOTOROLA ones, especially the StaTAC and the microTAC ELITE. Greetings from Argentina

  4. People looking for your signal will especially have a hard time due to all the knee-jerk no-listening-to-phones laws that put a spectrum hole on the AMPS band area on most radios.

    1. One frequency for Euro-GSM is 900MHz. That’s not analogue though, and I dunno if anywhere outside the USA used AMPS. The USA has been a bit weird over the years, in using their own systems for mobile phones. It’s only with 3G they joined the rest of the world.

      1. The Euro analog 1G network was NMT (both 450MHz and 900MHz), TACS/ETACS (this had a USA-style band and was modified AMPS) and C-Netz, which was a German system.
        NMT900 and NMT450 were the most widely deployed ones.

  5. Member banpaia? member brick phones, member the 9122 revision to copy and alter ESNs. Member tumbler phones? Member the oki 900? I member! amps was balls. I still have a box of these phones.

  6. I would be careful here if you make such a setup. Even if you transmit from your SDR at a very low power to only be receivable at 10’s or 100’s of feet, it’s likely those old AMPS phones did not have much in the way of power management and are cranking out full power to transmit back to your SDR. So while the feds or cell companies might not notice your SDR transmitter, they will very likely notice your AMPS phone cranking out full power. One would be wise to put an appropriate level of transmit attenuation on your phone so the signal doesn’t radiate much beyond your premises or perform the whole experiment in a faraday cage.

    1. Out of sheer curiosity, would it actually be illegal to power on an old analog phone? I just found my family’s old Motorola Brick in the basement (hence how I found myself here :-)). The battery is shot and I know it’s got nowhere to phone home, but if I could turn it on, would I actually be breaking the law??

  7. Just pitching in my 2 cents here: The AMPS band situation is even worse where I’m from (Central New Jersey). I don’t have to worry about interrupting local 2G GSM 850 MHz cellular operations as ever since AT&T pulled the plug on the AT&T / Cingular Wireless 2G GSM network back in 2017 I haven’t seen a GSM tower in the area operating on the GSM850 band, it looks like T-Mobile (the only 2G GSM carrier left) operates on GSM1900 as that’s where all of the local GSM traffic now is. However, not only do I have to worry about interfering with LTE Band 5 and also 2G/CDMA bands that operate there in my area but I also run the risk of interfering with local police P25p1 and DMR radios as they decided to tune them to that same spectrum. If that’s not enough I have picked up telemetry and Internet Of Things signals in the same band. So yeah, before you try this make sure your area’s ex-AMPS spectrum is clear and DON’T try this in Central New Jersey unless you can lower your TX power. I can also say that the Kyocera 2235 AMPS/CDMA phone is quite nice for this project.

  8. Is it possible to do the same with CDMA networks? I have a very nice Motorola v260, it had internet and everything. I live in Brazil and this cell phone was from the Vivo operator, and CDMA was turned off here in 2016. I got a signal in 2015, but it said to activate the number; I was a very small child and didn’t understand it, so I thought I couldn’t use it anymore, but I could have used it if I had activated it. Now in 2022 I can’t get any signal, so I can’t use it anymore. This cell phone supported MP3, games, etc., but it was all via download, so now it is useless.
    So I wanted to make my own CDMA network, but this cell phone seems to be very carrier locked, so my CDMA network would have to have the profile saying Vivo, and it would have internet.
    Does anyone think this is possible? It will all be worth it as long as it is not expensive over $400 and it has internet. Please don’t criticize me; this phone is very special to me and I think its blue keyboard is very beautiful.
