How To Run A First-Generation Cell Phone Network

Retro tech is cool. Retro tech that works is even cooler. When we can see technology working, hold it in our hand, and use it as though we've been transported back in time, that's when we feel truly connected to history. To help others create small time anomalies of their own, [Dmitrii Eliuseev] put together a quick how-to for creating your own Advanced Mobile Phone System (AMPS) network, which can bring some of the classic cellular heroes of yesterday back to life.

Few readers will be surprised to learn that this project is built on software defined radio (SDR) and the Osmocom-Analog project, which we’ve seen before used to create a more modern GSM network at EMF Camp. Past projects were based on LimeSDR, but here we see that USRP is just as easily supported. [Dmitrii] also provides a brief history of AMPS, including some of the reasons it persisted so long, until 2007! The system features a very large coverage area with relatively few towers and has surprisingly good audio quality. He also discusses its disadvantages, primarily that anyone with a scanner and the right know-how could tune to the analog voice frequencies and eavesdrop on conversations. That alone, we must admit, is a pretty strong case for retiring the system.

The article does note that there may be legal issues with running your own cell network, so be sure to check your local regulations. He also points out that AMPS is robust enough to work short-range with a dummy load instead of an antenna, which may help avoid regulatory issues. That being said, SDRs have opened up so many possibilities for what hackers can do with old wireless protocols. You can even go back to the time when pagers were king. Alternatively, if wired is more your thing, we can always recommend becoming your own dial-up ISP.

 

20 thoughts on “How To Run A First-Generation Cell Phone Network”

  1. Quote:
    “primarily that anyone with a scanner and the right know-how could tune to the analog voice frequencies and eavesdrop on conversations.”

    That was the reason that a particular company made a scrambler for the Star Tac phones. Unknown to the customers (or even the folks who owned and ran the company,) the engineers who made the scrambler implemented a small extra feature. The Star Tac phones those engineers owned had the scrambler function, but they also made the “Chirp, chirp” sound of an original Star Trek communicator from the 1960s.

    I saw a few of the “Chirp, chirp” Star Tac phones in operation back in the mid 1990s – in the hands of the engineers/nerds who made them.

    1. 900MHz analog systems like NMT900 used 45MHz duplex split, just like 900MHz GSM that later re-used the band. So the analog stuff can’t fit the USA 902-927MHz license free band.
      Same problem with AMPS and the 868MHz European band spanning 863-870MHz.

  2. I live about a block from a local 2 meter repeater. I have found that with my handheld connected to a dummy load I can consistently reach the repeater. I was told my signal was a little scratchy when I did this but it was perfectly understandable and reliable.

    I’m licensed and I wasn’t doing anything wrong when I tried this. But if that hadn’t been the case “I was only transmitting into a dummy load” certainly would have not gotten me out of trouble.

    The point is be careful.

    1. Yes the author says “As a common-sense rule, nothing bad will happen when transmitting using a 50 Ohm dummy load instead of an antenna, it will allow to send and receive signals within a short range of several meters” however, what about the phones he is using for testing?

      Really, to be compliant, they should be wired to an attenuator and then wired to the basestation through a splitter.

      If you are replying back to a basestation that’s on a dummy load, the phone is likely to be on max power, and in itself will be breaking the law, as the spectrum has since been reassigned.

  3. I modded my RadioShack scanner to pick up the ~955MHz band back in the late 90s. Yes, the analog telephone calls were open on the airwaves. Some phones would hop frequencies every 20s or so but otherwise crystal clear.

    1. Yep I had a pro2022 Radio Shack base scanner (I think that was the model #) and you could clip diode 38/39 and it would open up the cell frequencies. It was interesting what I heard – people having affairs, mundane calls about health ailments, idle chat, and other boring topics that ended up being anti-climactic. It was really fun while it lasted. Prior to that, 49MHz phones were great and people would freely give out their credit card numbers over the air while ordering stuff from TV.

      1. You could also listen to calls back then by putting Motorola brick flip phones into test mode. The best of all, you could talk back to the callers while you entered a certain test mode command.

    2. One of the scanners I had was agile enough and was able to get broadcast FM, however compared to a Pioneer FM the scanner was crap. I got a friend's first gen car/bag phone and was able to get the audio out and put a 10 turn pot on the VCO of the tuner. The quality and sensitivity of a Motorola front end far excelled that of the ratshack scanner. I could sweep and display the band as well. When sweep is zero it’s like normal tuning, when turned up you could zoom out and then zoom in on another carrier quicker than a scanner would.

  4. My first mobile phone was a Motorola MicroTAC Elite with 14 characters (2 lines) made of LEDs that looked just like a VFD.

    It was literally a brick phone for years and long after its retirement I discovered the 83786633 (testmode) menu which was a great way to snoop on other people’s convo..

    The dual line display was great because you could set the phone to listen to the control channel to know in advance which was the new channel number.

    Pretty cool stuff to do as a teenager!

    It’s all documented in detail here: https://www.qsl.net/n9zia/cell2900/motorola.txt

    The article doesn’t even mention NAM programming which is related to today’s eSIM, but back in the day you could change the phone number and ESN easily so with that going for those in the know, one can guess why IMEI/IMSI had its security hardened as it did… well for the better part of a decade or so
