Listen for GSM traffic - Android

Is it possible to use an Android phone to collect IMEIs or unique phone IDs of phones within the same cell? Probably there is already some hack to use osmocom ... what I am looking for is an easy-to-work solution to scan traffic (by counting car drivers' phones).

Theoretically yes, but practically no.
In a normal GSM network you will expect the Mobile Identity (IMEISV) data fields to be encoded in a message called Identity Response.
This message is sent in an encrypted channel called SDCCH/8. You need to decrypt (and find) this exact message in that channel to detect the IMEI of a given uplink transaction.
To be able to catch an uplink data transaction you need to have a radio receiver that is listening on the uplink frequencies, and your Android phone does not do that.
You were looking for an easy-to-work "solution to scan traffic".
What I suggest you do is try to find a phone that will give you information about the CCCH channel; this is unencrypted and can contain Paging Requests with TMSI or IMSI information. The TMSI is more anonymous and it gives you some kind of statistic for counting.
The "easiest" way to do this (today) is to use a Nokia 3310 and the dct3 gsmtap project. Filter the pcap file using options in tshark.
There may be more accurate ways of counting cars.

Well, theoretically yes, but the problem here is that you need to know how the radio interface of your Android phone works and have a driver for it before you can do that.
As far as I know there are no such drivers for GNU Radio.
The other problem is that the CPU on your mobile phone is not strong enough to handle the amount of data processing needed to perform such a task. The day may come when you have quad-core CPUs with lots of RAM and strong DSP support, but I don't think we are there right now.
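The two answers above turn on one distinction: which frames sit on an unencrypted broadcast channel (CCCH, downlink) and which sit on a dedicated, normally ciphered channel (SDCCH/8, and uplink at that). The dct3 gsmtap project writes each captured frame into a GSMTAP datagram whose header records exactly those two facts. The following is an added example, not code from the thread or from the dct3/osmocom projects: a parser for the 16-byte GSMTAP header (the layout of libosmocore's gsmtap_hdr, big-endian fields), run over a small capture that is constructed in the block itself. The payload bytes are filler, not real LAPDm frames, and the signal/SNR values are made up; the constants and field names are the real GSMTAP ones.

```python
import struct
from collections import Counter

# GSMTAP header as defined in libosmocore's gsmtap.h (network byte order).
GSMTAP_UDP_PORT = 4729           # IANA-registered UDP port for GSMTAP
GSMTAP_VERSION = 0x02
GSMTAP_TYPE_UM = 0x01            # Um (air interface) frames
GSMTAP_ARFCN_F_UPLINK = 0x4000   # flag bit in the arfcn field: captured on the uplink
GSMTAP_ARFCN_MASK = 0x3FFF       # the ARFCN itself
GSMTAP_CHANNEL_ACCH = 0x80       # flag bit in sub_type: associated control channel

HDR_FMT = "!BBBBHbbIBBBB"        # version, hdr_len(words), type, timeslot, arfcn,
                                 # signal_dbm, snr_db, frame_number, sub_type,
                                 # antenna_nr, sub_slot, res
HDR_LEN = struct.calcsize(HDR_FMT)   # 16 bytes

# sub_type values for GSMTAP_TYPE_UM (GSMTAP_CHANNEL_*).
CHANNEL_NAMES = {
    0x01: "BCCH", 0x02: "CCCH", 0x03: "RACH", 0x04: "AGCH", 0x05: "PCH",
    0x06: "SDCCH", 0x07: "SDCCH/4", 0x08: "SDCCH/8", 0x09: "TCH/F", 0x0a: "TCH/H",
}
CHAN_CCCH, CHAN_SDCCH8 = 0x02, 0x08


def build_gsmtap(channel, uplink, arfcn, frame_number, payload, timeslot=0, sub_slot=0):
    """Build one GSMTAP datagram. Only used here to fabricate the sample capture."""
    arfcn_field = (arfcn & GSMTAP_ARFCN_MASK) | (GSMTAP_ARFCN_F_UPLINK if uplink else 0)
    hdr = struct.pack(HDR_FMT, GSMTAP_VERSION, HDR_LEN // 4, GSMTAP_TYPE_UM, timeslot,
                      arfcn_field, -70, 20, frame_number, channel, 0, sub_slot, 0)
    return hdr + payload


def parse_gsmtap(datagram):
    """Decode the GSMTAP header; raise ValueError on anything that is not a Um frame."""
    if len(datagram) < HDR_LEN:
        raise ValueError("short GSMTAP datagram")
    (version, hdr_words, typ, timeslot, arfcn_field, signal, snr,
     frame_number, sub_type, _antenna, sub_slot, _res) = struct.unpack(HDR_FMT, datagram[:HDR_LEN])
    if version != GSMTAP_VERSION:
        raise ValueError(f"unsupported GSMTAP version {version}")
    if typ != GSMTAP_TYPE_UM:
        raise ValueError(f"not a Um frame (type 0x{typ:02x})")
    hdr_bytes = hdr_words * 4            # header length may exceed 16 in future versions
    if hdr_bytes > len(datagram):
        raise ValueError("header length exceeds datagram")
    chan = sub_type & ~GSMTAP_CHANNEL_ACCH
    return {
        "channel": CHANNEL_NAMES.get(chan, f"unknown(0x{chan:02x})"),
        "acch": bool(sub_type & GSMTAP_CHANNEL_ACCH),
        "direction": "uplink" if arfcn_field & GSMTAP_ARFCN_F_UPLINK else "downlink",
        "arfcn": arfcn_field & GSMTAP_ARFCN_MASK,
        "timeslot": timeslot,
        "sub_slot": sub_slot,
        "frame_number": frame_number,
        "signal_dbm": signal,
        "snr_db": snr,
        "payload": datagram[hdr_bytes:],
    }


def summarize(datagrams):
    """Count frames per (channel, direction); datagrams that fail to parse are skipped."""
    counts = Counter()
    for d in datagrams:
        try:
            p = parse_gsmtap(d)
        except ValueError:
            continue
        counts[(p["channel"], p["direction"])] += 1
    return counts


# Constructed sample capture: two downlink CCCH blocks and one uplink SDCCH/8 block.
# 0x2b is the GSM fill octet; these payloads are filler, not decodable L2 frames.
FILL = b"\x2b" * 23
SAMPLE_CAPTURE = [
    build_gsmtap(CHAN_CCCH, False, 42, 1000, FILL),
    build_gsmtap(CHAN_CCCH, False, 42, 1051, FILL),
    build_gsmtap(CHAN_SDCCH8, True, 42, 1100, FILL, timeslot=1, sub_slot=3),
    b"\x02\x04\x01",   # truncated datagram, dropped by summarize()
]

if __name__ == "__main__":
    for (chan, direction), n in sorted(summarize(SAMPLE_CAPTURE).items()):
        print(f"{chan:8s} {direction:8s} {n}")
```

Counting `(channel, direction)` pairs is the cheap first pass before any Wireshark work: a trace that contains only downlink CCCH/BCCH frames is what a phone-side capture looks like, and the uplink SDCCH/8 frames the first answer mentions simply will not be in it.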

Related

Using the 800/900 MHz frequencies on Android device

Let's say I have an Android device which supports the GSM 800/900 MHz bands and I want to use it as a transmitter to remotely control a car or anything else.
Is it possible to program such a thing on Android? Maybe using the NDK?
The purpose would be to send custom packets on these frequencies.
Thanks.
There are a lot of misunderstandings in this concept; however, what you're thinking of is quite nice, assuming it were possible (which it isn't :( ).
RF communication is handled EXCLUSIVELY by the modem software, which is included in the baseband binaries.
You cannot simply tap into it and send whatever you like, since the protocol and its transport layer are very strict to comply with the GSM rules.
Also, since baseband binaries are under strict control, there are very few to no custom ones.
There are also WAY many other reasons why this is not actually possible without lots of hackish work. Those devices are made strictly to perform on the GSM network. You could use another receiver to, for example, send WAP push messages (in raw form) as commands; however, expect the delays to be HUMONGOUS (i.e. 1 second - 20 seconds), which is not viable for any kind of remote control. Same results as SMS communication, just in an unrestricted form.
CAUTION: Using telecom broadband channels is BANNED for public use in most countries, so even if you get an external GSM band transmitter (which actually can be done), you still would need to comply with your country's regulations.
Possibly related thread: https://electronics.stackexchange.com/questions/94668/longest-range-remote-control

Bluetooth device data transfer issues

How can a device identify the other devices to which we need to send data, and transfer the data to the other device?
If device1 sends the data to device2, will other devices, say device3 near to them, receive the same data?
Please read up on the whole Bluetooth story. You seem to have problems with basic concepts. Also, it would probably help to be a bit more specific in your questions, for example specifying which BT version you are referring to.
For identifying the devices, each of them has a separate address. They even have human-readable names. (Look at the Wiki page linked above, Connection and communication.) Also, during the pairing process, you have to get to know and explicitly allow the devices which you really want to communicate with; the goal of the process is exactly to make sure to have an explicit authorization between the devices for communication.
Yes, device3 will receive the radio signals, but if not authorized, it won't be able to tell what is going on - unless it is a misbehaving device cracking the encryption... (Given the communication is actually encrypted, that is.) Reading the Security Concerns part is also useful.
Bluetooth can connect up to eight devices simultaneously. With all of those devices in the same 10-meter (32-foot) radius, you might think they'd interfere with one another, but it's unlikely. Bluetooth uses a technique called spread-spectrum frequency hopping that makes it rare for more than one device to be transmitting on the same frequency at the same time. In this technique, a device will use 79 individual, randomly chosen frequencies within a designated range, changing from one to another on a regular basis. In the case of Bluetooth, the transmitters change frequencies 1,600 times every second, meaning that more devices can make full use of a limited slice of the radio spectrum. Since every Bluetooth transmitter uses spread-spectrum transmitting automatically, it’s unlikely that two transmitters will be on the same frequency at the same time. This same technique minimizes the risk that portable phones or baby monitors will disrupt Bluetooth devices, since any interference on a particular frequency will last only a tiny fraction of a second.
So what if they interfere and there is erroneous data? The receiving system simply discards it based on the correcting bits of the packets transferred.
Bluetooth devices have a parameter or option called visibility. When you enable visibility, the Bluetooth device starts publishing its presence within the Bluetooth frequency range. This presence can then be detected by any other Bluetooth device, which can connect to this device when it scans the above Bluetooth frequency range.
As they use the spread-spectrum frequency hopping described above, they publish data to all receivers, but only the intended receiver with whom the sender is connected will have the key to unlock the data.

NFC communication: What happens when an NFC enabled phone comes in contact with a tag?

I have been reading information on NFC but could not find the exact process or sequence of steps that happens when an NFC mobile phone comes in contact with an NFC tag.
In more detail, I got to know how the antenna, coil etc. generate the magnetic field and how data is transferred, but I want to know whether any handshaking happens in the first stage.
Or, what data is transferred between 2 NFC enabled phones before the actual sharing of a photo or any information happens?
Thanks in advance.
For explanation purposes, let's say the actual hardware communication of magnetic field generation, etc. etc. is the hardware layer of communication.
On the Android OS layer, there is something called NfcManager (a service) that runs in the background when you enable the "NFC" setting. This service is responsible for converting the raw byte data that is received from the layers below, which could be the kernel or the hardware layer, depending on how you look at it.
Once the service picks it up, this link should give you a basic idea as to how it is pushed into the application!
As far as 2 NFC phones go, this is not an extremely informed opinion, but I'm guessing from sheer experience. In the case of data that needs to be sent below a certain quantity, there is no "pairing" that happens. It identifies the 2nd NFC device and simply sends out the data. In the case of photos or anything larger, I would assume it pairs using Bluetooth and sends out the data.

Broadcasting packets to a phone without a connection

This is sort of an odd question, but I know it is possible.
I am trying to broadcast packets over a specific frequency and I want a phone running an application to pick up on these packets. The phone will not need a connection to any network to do this, but simply have its Wi-Fi turned on. The broadcasting device does not need to get any information back from the phone, and delivery of every packet to the phone does not need to be guaranteed, much like UDP.
Where do I start? Is this possible for phones without rooting them? Is there some kind of FCC regulation against doing this (over the standard Wi-Fi spectrum)?
I know this is possible because it's exactly how routers tell a phone they are available to connect. Thanks in advance for any input.
I'm not familiar with iOS development, although similar techniques may exist.
Without root
But requires the coarse- and/or fine-grained location permission on Android.
You can use WifiManager.getScanResults() to scan for wireless router broadcasts.
The network "name" (SSID) and router MAC address (BSSID) are included in the results. You could broadcast these packets and encode data into these fields.
That said, I hope your messages are short, as you'll be getting 38 bytes per packet (32 SSID bytes + 6 MAC address bytes).
Yes, some MAC addresses are special or invalid, but if you're just broadcasting and not actually using them, they can still transmit the data.
With root
Depending on the wireless chipset and driver support, you may be able to put the device into "monitor mode" which gives you access to the raw packet data.
The main drawback is that there is no official support for it.
You might find some hacky ways to do this from a Google search but I wasn't able to find any universal solution that works on all (or even most) devices.
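The "without root" answer describes a one-way channel whose only payload fields are the 32-byte SSID and the 6-byte BSSID of a beacon as surfaced by WifiManager.getScanResults(). As an added example, not code from the answer, the block below is a codec for that 38-byte frame with two practical details the answer leaves to the reader. First, the receiver needs to know where the payload ends, so one octet of the BSSID is spent on a length field (a design choice of this example, which is why its raw capacity is 37 rather than 38 bytes). Second, ScanResult.SSID reaches an app as a Java String, so arbitrary SSID octets are not guaranteed to survive; a "printable" mode base64-encodes the SSID part (24 payload bytes into exactly 32 characters) and is the mode to use unless your Android version exposes the raw SSID octets. The field names ScanResult.SSID and ScanResult.BSSID are real Android API members; the frame layout and the flag bit are assumptions of this example.

```python
import base64

SSID_MAX = 32          # an 802.11 SSID element holds at most 32 octets
BSSID_LEN = 6
HEAD_LEN = BSSID_LEN - 1   # BSSID octets left for payload after the length octet
FLAG_PRINTABLE = 0x80      # high bit of the length octet: SSID part is base64 (assumed layout)
B64_RAW = 24               # 24 bytes -> 32 base64 characters, no padding


def _mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _mac_bytes(text):
    parts = text.split(":")
    if len(parts) != BSSID_LEN:
        raise ValueError(f"bad BSSID {text!r}")
    return bytes(int(p, 16) for p in parts)


def capacity(printable):
    """Payload bytes one beacon can carry in this framing."""
    return HEAD_LEN + (B64_RAW if printable else SSID_MAX)


def pack_frame(payload, printable=False):
    """Return (ssid, bssid_string) carrying payload. ssid is str in printable mode, bytes otherwise."""
    if len(payload) > capacity(printable):
        raise ValueError(f"payload of {len(payload)} bytes exceeds {capacity(printable)}")
    head, tail = payload[:HEAD_LEN], payload[HEAD_LEN:]
    length_octet = len(payload) | (FLAG_PRINTABLE if printable else 0)
    bssid = bytes([length_octet]) + head.ljust(HEAD_LEN, b"\x00")
    if printable:
        ssid = base64.b64encode(tail.ljust(B64_RAW, b"\x00")).decode("ascii")
    else:
        ssid = tail.ljust(SSID_MAX, b"\x00")
    return ssid, _mac_str(bssid)


def unpack_frame(ssid, bssid_str):
    """Recover the payload from one scan result; raise ValueError on malformed input."""
    bssid = _mac_bytes(bssid_str)
    printable = bool(bssid[0] & FLAG_PRINTABLE)
    length = bssid[0] & ~FLAG_PRINTABLE
    if length > capacity(printable):
        raise ValueError("length octet exceeds frame capacity")
    if printable:
        if not isinstance(ssid, str) or len(ssid) != SSID_MAX:
            raise ValueError("printable frame needs a 32-character SSID")
        tail = base64.b64decode(ssid, validate=True)
    else:
        if not isinstance(ssid, (bytes, bytearray)) or len(ssid) > SSID_MAX:
            raise ValueError("raw frame needs the SSID octets")
        tail = bytes(ssid)
    return (bssid[1:] + tail)[:length]


def decode_scan(results):
    """Decode a list of (ssid, bssid) pairs as an app would get them; skip ordinary networks."""
    out = []
    for ssid, bssid in results:
        try:
            out.append(unpack_frame(ssid, bssid))
        except ValueError:
            continue
    return out


# Constructed scan results: one data beacon among two ordinary access points.
SAMPLE_SCAN = [
    ("HomeNetwork", "00:11:22:33:44:55"),
    pack_frame(b"hello, cars", printable=True),
    ("CoffeeShop", "66:77:88:99:aa:bb"),
]

if __name__ == "__main__":
    print(decode_scan(SAMPLE_SCAN))
```

Ordinary networks fail the length or base64 checks and drop out, which is what lets one scan pass pick the data beacons out of the usual neighbourhood noise; an app would need the location permission the answer mentions before getScanResults() returns anything at all.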

Data Transfer between Mobile Phones Across Connected Voice Call

I require a fast, reliable method of sending control commands (simple data, possibly only a few dozen possible commands) to a remote system which is using a smartphone* as its onboard computer. I have deemed the standard data packages used for mobile internet data transfer too unreliable for control purposes; however, I have noticed that once a voice call is initiated it is much more reliable. Has there been any development into sending data between phones across a connected call, and if not, are there any known reasons a modified dial-up modem in software form couldn't be used?
Furthermore, could this protocol be robust enough to send back low-res video and other simple numeric data?
*Smartphone - a phone with significant processing power and the ability to run custom programs (most likely with an Android-based OS; however, I am open to suggestions)
Have you tried SMS? While you won't get video data, it may work for small chunks of data. Also, if the small chunks are from the phone to a server, you may try sending DTMF down the line (however, I've yet to see that working).
Other than that, it's customised hardware.
Hmmm... this reminds me of those old TV games like Hugo... there you had a voice connection and I think the commands were given by the different tones of the keys pressed from 0-9. Maybe you should try something similar.
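Both answers point at DTMF: the 16 keypad tones are the one signalling scheme a voice codec is guaranteed to pass cleanly, which is why the old phone-in TV games worked. As an added example, not code from either answer, the block below builds the whole path in pure Python: it synthesises a key sequence as the standard dual tones at 8 kHz, adds a little noise, then recovers the keys with the Goertzel algorithm (the usual DTMF detector) after splitting the signal on energy. On top of that sits a tiny command frame, "*" + digits + check digit + "#", so the receiver can reject a corrupted command instead of acting on it; the frame format and the mod-10 check are assumptions of this example, as are the tone and gap lengths.

```python
import math
import random

SAMPLE_RATE = 8000                      # telephone-band sample rate
LOW_FREQS = (697, 770, 852, 941)        # DTMF row tones (Hz)
HIGH_FREQS = (1209, 1336, 1477, 1633)   # DTMF column tones (Hz)
KEYPAD = ("123A", "456B", "789C", "*0#D")


def key_to_tones(key):
    """Map a keypad symbol to its (low, high) tone pair."""
    for row, low in enumerate(LOW_FREQS):
        col = KEYPAD[row].find(key)
        if col >= 0:
            return low, HIGH_FREQS[col]
    raise ValueError(f"not a DTMF key: {key!r}")


def synthesize(keys, tone_ms=100, gap_ms=50, noise=0.05, seed=1):
    """Constructed audio: each key as a 100 ms dual tone followed by 50 ms of silence, plus noise."""
    rng = random.Random(seed)
    tone_n = SAMPLE_RATE * tone_ms // 1000
    gap_n = SAMPLE_RATE * gap_ms // 1000
    samples = []
    for key in keys:
        low, high = key_to_tones(key)
        for n in range(tone_n):
            t = n / SAMPLE_RATE
            s = 0.5 * math.sin(2 * math.pi * low * t) + 0.5 * math.sin(2 * math.pi * high * t)
            samples.append(s + rng.gauss(0, noise))
        samples.extend(rng.gauss(0, noise) for _ in range(gap_n))
    return samples


def goertzel(samples, freq):
    """Power of the signal at one frequency (general-form Goertzel, no FFT needed)."""
    coeff = 2 * math.cos(2 * math.pi * freq / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def classify(tone):
    """Pick the strongest row and column tone and look the key up in the keypad."""
    low = max(LOW_FREQS, key=lambda f: goertzel(tone, f))
    high = max(HIGH_FREQS, key=lambda f: goertzel(tone, f))
    return KEYPAD[LOW_FREQS.index(low)][HIGH_FREQS.index(high)]


def decode(samples, frame_ms=10, threshold=0.02, min_ms=40):
    """Split audio into tone bursts by energy and classify each burst; short blips are ignored."""
    frame_n = SAMPLE_RATE * frame_ms // 1000
    min_n = SAMPLE_RATE * min_ms // 1000
    keys, active = [], []
    for start in range(0, len(samples), frame_n):
        frame = samples[start:start + frame_n]
        energy = sum(x * x for x in frame) / len(frame)
        if energy > threshold:
            active.extend(frame)
        elif active:
            if len(active) >= min_n:
                keys.append(classify(active))
            active = []
    if len(active) >= min_n:
        keys.append(classify(active))
    return "".join(keys)


def frame_command(digits):
    """Wrap a numeric command as *<digits><check>#, check = digit sum mod 10 (assumed framing)."""
    if not digits.isdigit():
        raise ValueError("command must be decimal digits")
    check = str(sum(int(d) for d in digits) % 10)
    return "*" + digits + check + "#"


def parse_frame(keys):
    """Return the command digits, or None if framing or the check digit is wrong."""
    if len(keys) < 4 or keys[0] != "*" or keys[-1] != "#":
        return None
    body, check = keys[1:-2], keys[-2]
    if not body.isdigit() or str(sum(int(d) for d in body) % 10) != check:
        return None
    return body


if __name__ == "__main__":
    audio = synthesize(frame_command("42"))
    print(parse_frame(decode(audio)))   # the command that was sent, or None
```

The check digit is deliberately weak (a sum catches single-digit corruption, not swaps); for a real control link you would widen it to a CRC and repeat the frame until the receiver acknowledges with a tone of its own, which is the same robustness problem the question raises for video, only without the bandwidth.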
