TUCoPS :: Phreaking Cellular - Misc. :: cellufon.txt

Cellular Radio/Phones by Scan Man


CELLULAR RADIO / PHONES


<S><C><A><N><*><M><A><N>








MOST SCANNER ENTUSIASTES ARE FAMILIAR WITH THE STANDARD MOBILE TELEPHONE
SYSTEM; THIS SYSTEM HAS GONE THROUGH VERY LITTLE EVOLUTION IN THE PAST DECADE,
AND IN THE US. IT HAS REMAINED A CONSIDERABLY LIMITED SERVICE. A LARGE METRO
ARE MAY ONLY HAVE SEVERAL HUNDRED USERS, (NEW YORK HAS APPROX. 700 MOBILE
TELEPHONE SUBSCRIBERS), DUE LARGELY TO LIMITAIONS IMPOSED BY SPECTRAL
OVERCROWDING. SO-CALLED CELLULAR TECHNOLOGY PROMISES TO CHANGE ALL THAT,
OFFERING SERVICE TO LITERALLY HUNDREDS OF THOUSANDS OF USERS. LAND MOBILE
COMMUNICATIONS HAS SEEN A 10-12% ANNUAL GROWTH RATE FOR THE PAST TWO DECADES
THE RESULT IS THAT THE 40,150,450 MHZ BANDS ARE OVER CROWDED. EVEN THE
UTILIZATION OF THE NEW 900MHZ BAND WITH 30-40 TIMES MORE CHANNELS AVAIL. THAN
ON OTHER BANDS IS A SHORT LIVED SOLUTION TO THE PROBLEM. CELLULAR TECHNOLOGY IS
A RESONABLE ALTERNATIVE. CELLULAR TECHNOLOGY STANDARDS SUCH AS RECOMMENDED
TRANSMISSION MODES (SSB, FM, DIGITAL, OR SPREAD SPECTRUM) HAVE YET TO BE AGREED
UPON BUT WE CAN OUTLINE THE GENERAL PRINCIPLES BEHIND ITS IMPLIMENTATION AND
USE.




THE CELL AND THE MOBILE CALL




THE ONLY FUNDIMENTAL POINT OF CELLULAR TECHNOLOGY IMPLIMENTATION ACTUALLY
AGREED UPON TO DATE IS THAT A GIVEN SERVICE AREA WILL BE DIVIDED INTO IDENTICLE
ADJACENT CELLS WITH NO OVERLAPS AND NO GAPS,HEXAGONS ARE POPULAR FOR DIAGRAMING
INDIVIDUAL CELLS. AT THE CENTER OF AN INDIVIDUAL CELL IS A BASE STATION WHICH
IS CONNECTED VIA LAND LINE TO A LOCAL MOBILE TELEPHONE SWITCHING OFFICE.
CERTAIN FREQUENCY BANDS ARE ASSIGNED TO CERTAIN CELLS, BUT NOT SHARED WITH
ADJACENT CELLS TO AVOID MUTUAL INTERFERENCE. A MOBILE UNIT WISHING TO MAKE A
CALL WILL GO OFF-HOOK AND TRANS MITT DIGITAL SOURCE AND DESTINATION CODES.
THESE TRANS MISSIONS TAKE PLACE ON SPECIAL SETUP CHANNELS AND ARE JSUT STRONG
ENOUGH TO REACH THE BASE STATION IN THE LOCAL CELL.


THE BASE STATION THEN RECIEVES THE CODES AND FORWARDS A MESSAGE TO THE CENTRAL
SWITCHING OFFICE WHICH IN TURN SENDS OUT A PAGING SIGNAL TO ALL CELLS IN SEARCH
OF THE SECOND MOBILE UNIT WHOSE NUMBER HAS BEEN DIALED. WHEN THE DESTIANTION
UNIT IS FINALLY FOUND, IT RESPONDES TO THE PAGING SIGNAL BY TRANSMITTING AN
ACKNOWLEDGEMENT CODE TO ITS LOCAL BASE STATION ON A SETUP CHANNEL.


THE SWITCHING CENTER THEN ASSIGNES A PAIR OF FREQ'S (CHANNEL PAIR) TO EACH OF
THE UNITS FOR ACTUAL VOICE COMMUNICATIONS TO TAKE PLACE. THESE CHANNEL PAIRS
ARE NOT NECCESARILY THE SAME FOR THE RESPECTIVE CELLS THAT EACH MOBILE UNIT IS
IN. THESE FREQ'S ARE ALSO RELAYED THROUGH THE BASE STATIONS AND THE CENTRAL
SWITCHING OFFICE.


WHEN ONE UNIT MOVES INTO ANOTHER CELL, THINGS GET REALLY INTERESTING. UPON
ENTRY INTO ANOTHER CELL THE MOBILE UNITS MUST TRANSMITT THROUGH A NEW BASE
STATION. AN AUTOMATIC HANDOFF TO THE NEW BASE STATION IS CARRIED OUT BY ANOTHER
EXCHANGE OF DATA THROUGH THE SETUP CHANNEL.


TERMINATION OF THE CALL IS A SIMPLE MATTER. WHEN THE CALL ENDS ON HOOK SIGNALS
ARE EXCHANGED VIA THE SETUP CHANNELS BETWEEN THE MOBILE UNIT AND THE BASE
STATION. THE MAIN VOICE CHANNELS ARE THEN CLEARED.




ADVANCED MOBILE TELEPHONE SYSTEM


IN 1979 AT&T BEGAN TEST MARKETING ITS VERSION OF A CELLULAR TELEPHONE SYSTEM IN
CHICAGO,ILL. THIS SYSTEM IS CALLED ADVANCED MOBILE TELEPHONE SYSTEM (AMPS)


SOME 2100 SQ MILES OF THE METRO CHICAGO AREA ARE DIVIDED INTO 10 CELLS TO SERVE
APPROX. 2000 CUSTOMERS. FULL DUPLEX IS POSSIBLE BY USING A PAIR OF ONE WAY
CHANNELS SEPERATED BY 45MHZ TO CONNECT THE MOBILE UNITS WITH THE BASE STATIONS.
THE RF RANGE IS 825-890 MHZ AND NORMAL NARROW BAND FM IS USED TO TRANSMITT
VOICE. HAND OFF TO ADJACENT CELLS IS ACCOMPLISHED BY MONITORING SIGNAL
STRENGTHS. WHEN THE CENTRAL SWITCHING OFFICE DETERMINES THAT A NEW BASE STATION
RECIEVES THE MOBILE UNITS SIGNAL BETTER THAN THE PREVIOUS ONE THE SWITCHING
OFFICE SIGNALS THROUGH THE VOICE CHANNEL FOR THE MOBILE PHONE TO SWITCH TO A
NEW CHANNEL. COMMUNICATIONS DISRUPTION THROUGH THE SWITCHING PROCESS IS ONLY 50
MILLISECONDS.


AS WITH IMPS (DISCUSSED IN THE FEATURE ARTICLE ON THIS BBS (PIRATE-80)) THERE
IS THE POSSIBILITY OF PHREAKING CALLS WITH IMPS OR AMPS SIMPLY BY MONITERING
THE SETUP CHANNELS WITH A SCANNER AND RECORDING THE ID NUMBERS AND THE DIALED
NUMBERS SINCE THEY ARE IN DIAL PULSE FORM AND AFTER U HAVE A NICE SET OF
NUMBERS U WILL NEED A TRANSMITTER OF SUFFICIENT STRENGTH TO REACH THE BASE
STATION (UNLICIENCED TRANSMITTER OF COURSE).


FINAL COMMENTS




MANY REGULATORY AND IMPLIMENTATION ISSUES REMAIN UNSOLVED. MODULATION ISSUES
ARE THE BIGGEST PROBLEM TO BE SOLVED. SINGLE SIDEBAND AM, NARROW BAND FM,
DIGITAL, AND SPREAD SPECTRUM TECHNIQUE'S ARE ALL BEING CONSIDERED.


BIBLIOGRAPHY


1. CELLULAR MOBILE TECHNOLOGY: THE GREAT MULTIPLIER BY GEORGE COOPER AND RAY
NETTELTON. IEEE SPECTRUM, VOL 20 #6 JUNE 83 PP 30-37


2. MOBILE COMMUNICATIONS ENGINEERING BY WILLIAM C.Y. LEE


3.*** SPECIAL ISSUE ON AMPS. BELL SYSTEM TECHNICAL JOURNAL JAN. 79.




THIS FILE IS PRESENTED BY MT. <S><C><A><N><*><M><A><N> AND PIRATE-80
SYSTEMS....



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH