GSMcellspotting

GSMcellspotting is a personal non-commercial project. Any reproduction of the content is strictly forbidden without prior written permission.

Sponsored links

Sponsored links


About the suitcase

The suitcase consists of a few parts (see the pictures below):
  • A small laptop
  • A 12V led battery (power for the modem)
  • A GSM modem
  • A GPS (external at the moment)
  • A GSM antenna

How does it work?

The GSM modem has the possibility to scan all of the GSM networks in reach. It reports back all of the cells found on all of the networks. The advantage is that I get information on all of the cells independent of how strong a signal I'm getting from them. (On a phone you only find the cells on the network one is logged on that have the strongest signal). Therefore I can identify all of the cells close by, even those that I don't have access to (closed network, cells that are operative but not yet publicly available, etc.).

Basically the system works by continuously scanning the networks for cells. Each time it finds a cell it logs information about the cell including the signal strength. Each time a cell is logged the position the suitcase was in at the time is retrieved from the GPS and added to the log.

In addition I have written a python script that runs on my phone and reports on the status of the suitcase. The script integrates on the phones desktop (se pictures below) and shows the following information:

  • Number of observations
  • Number of unique cells observed
  • Number of operators observed
  • GPS status

The phone is updated every 5 seconds, and the updates are sent via Bluetooth.

Whats left?

  1. Unfortunately the GPS I am using doesn't have the possibility to connect an external antenn, hence I have to have it on the outside of the suitcase. I would like to replace it with an internal GPS with an external antenna.
  2. USB connections. The modem and the GPS are assigned /dev/ttyUSB0 and /dev/ttyUSB1 at random. I would like to find a way to lock each of them to an assigned port, but I haven't found a way of doing this yet. The reason is that they both use the same USB to COM system so the system sees them as the same device. Alternatively I can change the program so that it automatically detects which is which.
  3. The computers power usage could be optimized better. Only run a terminal, no graphics, etc.
  4. Extend the suitcase so both the modem and the PC can be powered by a 12V power supply in a car.
  5. LEDs on the outside of the suitcase indicating battery-strength, GPS fix and modem status.
  6. Bluetooth alarm. An alarm in the suitcase that sets of if the suitcase looses contact with my cell phone.
  7. The led battery is heavy and cannot be taken aboard a plane. Perhaps replace it with a different type of battery.
  8. Possibility of taking a picture of a cell-tower and automatically upload it from the phone to the log via Bluetooth.
  9. Change the script so that it logs to a local MYSQL database instead of a flat file. This would make the process of updating the main database easier.
  10. I'm rebuilding the system so that it can easily be moved between the suitcase and a backpack. The suitcase works fine in a car, but is a pain in the neck when walking or bicycling.
  11. Purchase a 3G/UMTS version of the modem.

Other ideas that I might implement:

  1. The modem can run internal python scripts. I'm speculating if it's possible to make a stand-alone system where all you need is the modem, a GPS and a battery. The problem is most likely the size of the internal memory.
  2. GSM homing device. It's possible to find the direction a GSM cell is transmitting from its ID. It is also possible to calculate how far from the cell you are using TA (Timing advance). It is therefore possible to write a program that acts as a homing device. It would lock the modem to one cell and then continuously show how far from the cell you are, and in what direction the cell is. The problem is that TA is only accessible during an ongoing conversation, so this could easily be expensive. I probably wouldn't use the program that much, but I would like to write it just to show that it can be done.
  3. Jamming. The modem can detect network jamming. I would like to test this function, but since the equipment used for jamming a network is expensive and also illegal I probably will not do this just yet.
  4. Logging the strength of individual channels for each cell. It's possible to do, but I doubt I'll do it just yet.
  5. 3G/UMTS. I want to extend the suitcase with a 3G/UMTS version of the modem, so that I also can log 3G/UMTS networks.

The big battery dilemma

Traveling during Christmas was a great opportunity to test the suitcase. Unfortunately I found out that SAS doesn't allow you to take batteries that can leak onto a plane. And everybody knows that led batteries can leak. I looked everywhere for an alternative battery and the only thing I found was a 14V Li Mh battery with 3.8 Ah. Unfortunately I couldn't find a good charger for it.

Suddenly I thought of something. I have a battery-powered drill. I checked the batteries for the drill, and they turned out to be 12V 1.3 Ah. No problem taking them on a plane. I tested one of them, and sure enough it worked. In addition it weighs only a fraction of the weight of the led battery. So now I'm annoyed at spending over 100$ on a battery and charger I could have managed without. However 1.3 Ah isn't very much and it only powers the modem for a couple of hours.

Ergo sum ergo existo

The project is a work in progress. Since I deleted a huge part of my project by accident I can't add new cells at the moment. As soon as my exams are over I'll re-write the backend program for adding cells to the database.

I dedicate this project to my fiancé who has been so patient with me spending lots of time on this project.

Feel free to contact me with comments on or questions about the project. Use the contact me link at the top of the page.

Pictures

The image quality is quite poor as they where quickly taken with a crapy camera. I'll take new pictures with my SLR as soon as possible.