Introduction: Explore the Cellular Network With LinkIt ONE

Picture of Explore the Cellular Network With LinkIt ONE
Any sufficiently advanced technology is indistinguishable from magic
-- Arthur C. Clarke

We are surrounded with technology that we don't always fully understand. Take the cellular network for example. Sure, you know that there are radio waves involved and that your phone is communicating with some cellular mast.

You may even have heard that some governement agencies can use fancy-named tools like IMSI catcher or Stingray to intercept your phone calls.

But how is the network working ? What data is received by your phone ? Where are the cell towers located ?

In this Instructable, you will learn how to use your LinkIt ONE board to retrieve -- and understand -- some information about the cellular network that is normally not shown to the general public. In the end, you will be able to use this information to find the location of the nearest cell tower on google maps.

Let's start your journey into the fascinating world of mobile networks !

Step 1: All You Need Is ... Code

Picture of All You Need Is ... Code

For this project, you don't need any external components or modules. All you need is your LinkIt ONE board with it's GSM antenna attached, and the provided source code. That's right, you don't even need a SIM card !

If you have never used the board before, first follow the official getting started guide to get a working Arduino programming environnement. It's a good idea to explore some of the provided examples too.

Now that you have a working setup, you are ready to compile the sketch. Simply follow those steps :

  1. Download the provided file "LinkIt_ONE_Cell_explorer.ino"

  2. Connect your board

  3. Launch the Arduino editor

  4. Go to "File > Open...", and load the .ino file you just saved

  5. Compile and upload the code

  6. Go to "Tools > Serial Monitor", select 9600 baud in the lower right box

After a few seconds, the serial monitor will show various information about the cellular network.

In case of problem, check the following :

  • Did you select the correct board ? Check the menu "Tools > Board: "LinkIt ONE"
  • Did you select the correct COM port ? Check the menu "Tools > Port:"
  • Is the GSM antenna correctly attached to the board ?

Step 2: Understanding the Data

Picture of Understanding the Data

Let's go through the data together.

Once the program is initialized, it will print the current cell and neighbor cell information and refresh it every 5 seconds.

The current cell is the active cell, i.e. the cell that is currently used by the board. The neighbor cells are all the other cells that the board might use in the near future. For example, if you are moving away from the current cell, its signal will become weaker and the board will switch to one of the neighbor cells.

For each cell (current or neighbor), the following data is shown :

MCC : Mobile Country Code. This code represents the mobile operator country. For example, 310 is for USA.

MNC : Mobile Network Code. This code identifies the mobile network operator inside a given country, i.e. a given MCC. For example, in the USA, Verizon has the MNC number 004.

MCC and MNC are combined together to identify uniquely a mobile network operator. Head to the http://www.mcc-mnc.com/ website (or to CellFinder) and look for the MCC/MNC you see in your serial monitor !

BSIC : Base Station Identity Code. It's a code used to uniquely identify a base station. A base station is what you known as the "cell tower" or the "cell mast" (to be precise, it's the antenna and all the power and radio-frequency equipment attached to it).

Cell ID : a base station usually has multiple antennas, each covering a given area or "cell". The cell ID, or CID, is the identifier of the cell.

LAC : Location Area Code. It's a geographical zone covered by a set of base stations.

ARFCN : Absolute Radio-Frequency Channel Number. It's a code that identifies which frequencies are used by the cell. In the provided screenshot, the code 82 means that the downlink frequency is 951.4 Mhz and the uplink frequency is 906.4 Mhz. You can find the translation from ARFCN to frequencies on this website.

Signal Level : it's simply an indication of the signal strength. The higher this number the stronger the signal.


Step 3: Find the Nearest Cell Tower on Google Maps

Picture of Find the Nearest Cell Tower on Google Maps

Now it's time to have some fun !

Choose one cell (current or neighbor), go to Cell ID Finder, enter the data you see in the serial monitor, then hit the "Search Cell ID" button.

After a few seconds, you will see a Google Maps picture of the base station location !

Sometimes the station location is obvious, but sometimes you will find that a station is cleverly hidden ! Can you spot the station in your neighborhood ?

Comments

sowmithm (author)2016-01-19

Great project !!

I am trying to find the location by triangulation. But the accuracy is poor. Is there a way to find out cell towers of all different networks in the location by linkit one..there are modules like SIM900 and Telit which supports that .
Any help in that direction is appreciated

Dr_Salica (author)sowmithm2016-01-23

After some tests, here is what I found.

The LinkitOne only reports the cell towers of the network related to the inserted SIM card. If you insert a SIM card from another network, the reported cells changes according to the new network.

However, if you remove the SIM card, it still reports the same cells. So I guess it keeps something in memory about the network. Maybe it's possible to reset this value but I did not find any clue in the documentation.

wv110 (author)2015-12-21

Would it be possible to pickup any cellphone IMEI or any ID when in close proximity? For example a person enters my house and it would show an ID or whatever. This would be nice for like property security. Since everyone carries a cellphone nowadays......

Dr_Salica (author)wv1102015-12-21

No, it's not possible. Well, at least not easily nor legally :)

To do this, you must either intercept the communication between the cellphone and the base station (and break the encryption) or run your own base station ! It is technically possible to do both but it's quite complicated. Check the Open BTS project if you are interested in running your own base station : http://openbts.org/

If you want to detect your phone when it enters your house, your best option is to detect when it connects to your wifi home network.

DIY Hacks and How Tos (author)2015-12-20

Wow. I didn't know that you could do this with a LinkIt One. Thanks for sharing.

You're welcome :)

The low-level functions (such a getting the cells info) are not directly available through the Arduino API. You have to write a wrapper function with a specific signature and call it with the LTask.remoteCall() function. Feel free to reuse and adapt my source code !


About This Instructable

947views

23favorites

License:

More by Dr_Salica:Explore the Cellular Network With LinkIt ONE
Add instructable to: