Some parts of the world still have ample 2G coverage; for those of in North America, 2G is long gone and 3G has either faded into dusk or beginning its sunset. The legendary [dosdude1] shows us it need not be so, however: Building a Custom 2G GSM Cellular Base Station is not out of reach, if you are willing to pay for it. His latest videos show us how.
Before you start worrying about the FCC or its equivalents, the power here is low enough not to penetrate [dosdude]’s walls, but technically this does rely in flying under the radar. The key component is a Nuand BladeRF x40 full-duplex Software Defined Radio, which is a lovely bit of open-source hardware, but not exactly cheap. Aside from that, all you need is a half-decent PC (it at least needs USB-3.0 to communicate with the SDR, the “YateBTS” software (which [dosdude1] promises to provide a setup guide for in a subsequent video) and a sim card reader. Plus some old phones, of course, which is rather the whole point of this exercise.
The 2G sunset, especially when followed by 3G, wiped out whole generations of handhelds — devices with unique industrial design and forgotten internet protocols that are worth remembering and keeping alive. By the end of the video, he has his own little network, with the phones able to call and text one another on the numbers he set up, and even (slowly) access the internet through the miniPC’s network connection.
Unlike most of the hacks we’ve featured from [dosdude1], you won’t even need a soldering iron, never mind a reflow oven for BGA.
I wonder if low power transmissions fall under part 15…
Either way this is a rather interesting look into cellular technologies. even if it is 2g. Nice work man!
The short answer here is that in the USA, Part 15 applies by frequency range, not as a blanket. IDK if that applies to what is done here, but closer examination of Part 15 will reveal that.
Uncle Charlie can’t be bothered to visit idiots with 1kw linears attached to their previously ‘hacked for range’ CB base stations.
Ask me how I know.
Wasn’t my house, but a friends, you could hear the idiot on anything w a speaker and the microwave oven when it was on.
Vigilante justice served, somehow a pin shorted idiot’s antenna cable, smoke got out.
Normal people sending letters to the FCC is like filing a theft report with the police.
Complete waste of effort.
In the police report case perhaps a misunderstanding of how insurance works, you don’t want to file that claim…
If you interfere with emergency, military or aviation bands, big problems coming.
Commercial bands (e.g. this) small chance of problems unless large area effected.
Hobby bands/very Local issues?
Maybe if the wrong person gets pissed and knows a lever we couldn’t find.
Fantastic video, I’m impressed openBTS also handled internet as well
OpenBTS was so sitty that when we sent an SMS crashed.
Took about 2 years to fix most of the OpenBTS bugs.
Colin is really talented. Because of him my m93p Lenovo thin client has a sata-populated mobo with a 2tb m.2 sata drive and a 2tb ssd drive…true dual boot…one drive for Windows and the other drive for Linux in one cool little form factor.
The base station may not be putting out much power, but I bet the phone is still putting out enough to create interference and get the cell companies to investigate. They have equipment that can track it down quickly.
A 2G phone would be doing this regardless. In the absence of a base station, the phone would be broadcasting at FULL POWER forever, vainly trying to get in touch with a network. Having a low-power base station in one’s home would actually reduce the RF interference, because it would connect to the phone, then send a signal strength report back to the phone so the phone would reduce its transmit power.
I think a 2G phone only receives until it finds a base station. (Source https://www.rfwireless-world.com/tutorials/understanding-2g-gsm-call-flow-and-network-entry )
Jup, it doesn’t transmit anything until it has found something to transmit to. Simply because it wouldn’t even know when to transmit exactly.
Valid point I’d not considered initially.
The base is 3mw which is in his house, but it should have (we hope) set the phone to it’s lowest absolute power, which is 250mw from memory.
So yes, at 250mw he is transmitting outside his walls on the phone itself.
250mw’s not much power, but still maybe detactable at 2km or more (clutter plus my terrible maths apply) It’s not a place I /personally/ would be going. (but I am not people’s keeper)
I wonder if modern cell-towers have triangulation capability for in-band interference?
Since when is it a crime to turn on an old phone? What if there was an intruder in my house and I was hiding in the closet? You better believe I’ll be pulling out my tech horde and trying cell phones in reverse chronological order.
Strange.
Why not the shotgun?
I don’t see what the cops in 30 minutes is going to do for you.
Even if one of the phones works and you live in a ‘fast cops’ burb.
Don’t stay on the line, police will respond quickly assuming one has been shot or killed.
Turning it on doesn’t transmit unless it finds a network.
Turning on a old phone doesn’t transmit anything so that’s not a crime.
Using the phone actively, and that 250mw (hoping he set that from his base) is where the laws are broken. And that transmission on frequencies now in use for other important things, means you are potentially disrupting other people. And that is something /I/ won’t do.
I am sorry you took such clear offense at my post. I would have thought “(but I am not people’s keeper)” should have been a disclaimer enough.
It can detect a purr at 200 meters…
I doubt the cell companies care.
There are bad reception spots many places.
How many indoor cell repeaters being ‘misused’ in backyards?
How many cat detector vans?
In the old old days, the phone company had my dad convinced they could count phones by measuring resistance to ring signals.
But the truth is he was German and just rules crazy.
I don’t know if these guys ever got to a full-blown emulation of a 2G GSM network, but it’s a much cheaper way to get started: https://hackaday.com/2018/04/23/spoofing-cell-networks-with-a-usb-to-vga-adapter/
It will not work since is half duplex.
And unless the basestation is LTE TDD, you do need a full duplex SDR. I suppose you can also do 5G TDD.
For those with older classic cars that had early versions of things like OnStar. Many late 90s and early 2000s luxury and performance cars are in this position. A very short range to Bluetooth solution could give these systems new life.
That’s a great application for this technique.
The wonderful EU dictated all new cars have an eCall service since 2018 for emergency services. What they didn’t dictate is that it should be future proof so manufacturers cheaped out installing 2G/3G only modules.
Cue a few years later 2G/3G gets turned off and your eCall is now eBrick. So laughable that in Sweden at least it’s been a requirement that eCall is functional during the annual inspection, but from next year that will no longer be a test item due to…
I think that modules in the cars can be updated just fine in the same way other stuff like radio and CDROMs got updated.
Dialing *#06# would seem to negate the need for a sim card reader on most phones.
IMSI != IMEI