ABSTRACT
This report presents the design, implementation, and testing of a dual-band cell-phone jammer. This jammer works at GSM 900 and GSM 1800 simultaneously and thus jams the three well-known carriers in Jordan (Zain, Orange, and Umniah). This project went through two phases:
Phase one: studying the GSM system to find the best jamming technique, establishing the system design and selecting suitable components.
Phase two: buying all the needed components, drawing the overall schematics, fabricating the PCB layout, assembling the devices, performing some measurements and finally testing the mobile jammer.
The designed jammer was successful in jamming the three carriers in Jordan, as will be shown at the end of this report.
CHAPTER 1
INTRODUCTION
Communication jamming devices were first developed and used by the military. This interest comes from the fundamental objective of denying the successful transport of information from the sender (tactical commanders) to the receiver (the army personnel), and vice versa. Nowadays, mobile (or cell) phones are becoming essential tools in our daily life. Here in Jordan, for example, with a rather low population (around 5 million), three main cell phone carriers are available, namely Zain, Orange, and Umniah. The first two use the GSM 900 system, while the third uses the GSM 1800 system. Needless to say, the wide use of mobile phones can create problems, as the sound of ringing becomes annoying or disruptive. This can happen in places such as conference rooms, law courts, libraries, lecture rooms and mosques. One way to stop these disruptive ringings is to install a device in such places which inhibits the use of mobiles, i.e., makes them unusable. Such a device is known as a cell phone jammer or "GSM jammer", which is basically a kind of electronic countermeasure device.
1.1 About 802.11
IEEE 802.11 refers to the set of standards set forth by the Institute of Electrical and Electronics Engineers (IEEE). More specifically, working group 11 of the 802 category for LAN/MAN technologies has been reserved for defining the standards of wireless local area networks (WLAN) operating in the 2.4GHz and 5GHz ISM bands. To ease the overwhelming increase of technical jargon, the term Wi-Fi has been adopted by the general public to refer to the IEEE 802.11 standard. It should be noted that the Wi-Fi Alliance had first coined the term to define a slightly different set of standards; however, it is still commonplace to use the terms [IEEE] 802.11 and Wi-Fi interchangeably.
Since its initial release in 1997, 802.11 has undergone a variety of changes, not only to improve speed and quality but also to increase security. Each amendment to the original IEEE 802.11 standard further exemplifies this. Amendments A, B, G, N, and I are the most recognizable, as they have made notable changes to the original standard. IEEE 802.11 a/b/g/n generally define the implementation's frequency spectrum and modulation. For instance, 802.11a operates in the 5GHz spectrum, using OFDM to obtain a 54Mbit/s data rate,
1.2 802.11 MAC Layer Understanding
To understand the various attacks discussed in the subsequent section we first need to understand the 802.11 MAC layer protocol. Unlike the CSMA/CD protocol used by wired networks, the basic access mechanism in wireless MAC layers is CSMA/CA, Carrier Sense Multiple Access with Collision Avoidance. In the collision avoidance mechanism, a station willing to transmit senses the medium and, if the medium is busy, it defers. If the medium is free for a specified time (called DIFS, Distributed Inter Frame Space) then the station starts counting down its contention window (CW) and is allowed to transmit once the contention window reaches zero and the channel continues to be idle. For the various transmissions the Network Allocation Vector (NAV) is broadcast within the packet to all the other sending stations so that they back off, i.e. do not sense the medium again until the time indicated in the NAV. If the channel ceases to be idle then the CW countdown is deferred until the next opportune moment. The CW is initially set to CW_min in case of a new data transmission and is set to CW_max in case of a re-transmission attempt. Once the receiving station receives a packet, it checks the CRC of the received packet and sends an acknowledgement packet (ACK) after a specified time period (called
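As an added example (not part of the report), the channel-access rules just described modelled per slot in Python: the DIFS idle period, the countdown that freezes whenever the medium is sensed busy, NAV reservations marking the medium busy, and the contention window growing on re-transmission when no ACK comes back. Slot units, CW sizes and the timelines are constructed values chosen for illustration.

```python
SLOT_DIFS = 2   # idle slots required before the countdown may start (constructed unit)
CW_MIN = 4      # contention window for a new data transmission (constructed value)
CW_MAX = 16     # bound reached by re-transmission attempts (constructed value)

def nav_timeline(length, reservations):
    """Per-slot busy flags built from other stations' NAV announcements
    (start_slot, duration): the medium is not sensed again until the NAV expires."""
    busy = [False] * length
    for start, duration in reservations:
        for t in range(start, min(start + duration, length)):
            busy[t] = True
    return busy

def contention_window(attempt):
    """CW for attempt number `attempt` (0 = first try). The report gives CW_min for
    a new transmission and CW_max for a retry; 802.11's binary exponential backoff
    doubles CW per retry until CW_max is reached, which this follows."""
    return min(CW_MIN << attempt, CW_MAX)

def transmission_slot(medium, backoff, difs=SLOT_DIFS):
    """Slot in which a station holding `backoff` gets to transmit, or None.
    The countdown only runs on idle slots after DIFS; a busy slot freezes it
    and DIFS must be waited out again before it resumes."""
    idle_run, remaining = 0, backoff
    for t, busy in enumerate(medium):
        if busy:
            idle_run = 0          # defer: medium sensed busy, countdown frozen
            continue
        idle_run += 1
        if idle_run <= difs:      # still inside the DIFS idle period
            continue
        if remaining == 0:
            return t              # CW reached zero while the channel stayed idle
        remaining -= 1
    return None

def send_with_retries(medium, backoffs, acked):
    """Drive successive attempts until one is acknowledged. backoffs[i] is the
    value drawn from [0, CW) for attempt i; acked[i] is whether its ACK arrived
    (a failed CRC at the receiver means no ACK). Returns (attempt, cw, slot) records."""
    log, t0 = [], 0
    for attempt, (backoff, ok) in enumerate(zip(backoffs, acked)):
        slot = transmission_slot(medium[t0:], backoff)
        if slot is None:
            break
        log.append((attempt, contention_window(attempt), t0 + slot))
        if ok:
            break
        t0 += slot + 1            # no ACK: next attempt starts after this one
    return log
```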
CHAPTER 2
PROJECT ANALYSIS
2.1.1 Parts of the System
a. Power Supply
b. Infrared Section
c. Radio Frequency Section
d. Antennas
e. Jamming Signal Detector
2.2 Methodology
The technology behind cell phone jamming is very simple. The jamming device broadcasts an RF signal in the frequency range reserved for cell phones that interferes with the cell phone signal, which results in a "no network available" display on the cell phone screen. All phones within the effective radius of the jammer are silenced. It should be mentioned that cell phone jammers are illegal devices in most countries. According to the Federal Communications Commission (FCC) in the USA: "The manufacture, importation, sale, or offer for sale, of devices designed to block or jam wireless transmissions is prohibited". However, recently there has been an increasing demand for portable cell phone jammers. We should mention that this project, presented in this report, is done solely for educational purposes. There is no intention to manufacture or sell such devices in Jordan, or elsewhere. In this project, a device that will jam both GSM 900 and GSM 1800 services will be designed, built, and tested. Nowadays, when cellular phones are everywhere, facilities like prisons are facing a big problem. It is a well-known fact that prisoners are using cellular phones, which have been smuggled into their prison cells, as a tool to coordinate, share information and manage their business outside prison.
Jamming Techniques:
CHAPTER 3
PROJECT DESIGN
3.1 Mobile Jamming Techniques
There are several ways to jam an RF device. The three most common techniques can be categorized as follows:
3.1.1 Spoofing
In this kind of jamming, the device forces the mobile to turn itself off. This type is very difficult to implement, since the jamming device first has to detect any mobile phone in a specific area and then send the signal that disables the mobile phone. Some devices of this type can detect whether a mobile phone is nearby and send a message telling the user to switch the phone to silent mode (Intelligent Beacon Disablers).
3.1.2 Shielding Attacks
This is known as TEMPEST or EMF shielding. This kind requires enclosing an area in a Faraday cage so that any device inside the cage cannot transmit or receive RF signals from outside the cage. The shielded area can be as large as a building, for example.
3.1.3 Denial of Service
This technique is referred to as DoS. In this technique, the device transmits a noise signal at the same operating frequency as the mobile phone in order to push the signal-to-noise ratio (SNR) of the mobile below its minimum value. This kind of jamming technique is the simplest one, since the device is always on. Our device is of this type.
3.2 Design Parameters
Based on the above, our device, which uses the DoS technique, transmits noise on the same frequencies as the two bands GSM 900 MHz and GSM 1.8 GHz (also known as the DCS 1800 band). We focused on some design parameters to establish the device specifications. These parameters are as follows:
The distance to be jammed
This parameter is very important in our design, since the amount of the output power of the jammer depends on the area that we need to jam. Later on we will see the relationship between the output power and the distance D. Our design is established upon D=10 meters for DCS 1800 band and D=20 meters for GSM 900 band.
The frequency bands
| Band | UPLINK (Handset transmit) | DOWNLINK (Handset receive) | USED IN JORDAN BY: |
| GSM 900 | 890-915 MHz | 935-960 MHz | Zain + Orange |
| DCS 1800 | 1710-1785 MHz | 1805-1880 MHz | Umniah |
Table 3.1. Jammer Frequency Bands
In our design, the jamming frequency must be the same as the downlink, because jamming the downlink needs lower power than jamming the uplink range and there is no need to jam the base station itself. So, our frequency design will be as follows:
GSM 900 935-960 MHz
GSM 1800 1805-1880 MHz
Jamming-to-signal ratio (J/S)
Jamming is successful when the jamming signal denies the usability of the communication transmission. In digital communications, the usability is denied when the error rate of the transmission cannot be compensated for by error correction. Usually, a successful jamming attack requires that the jammer power is roughly equal to the signal power at the receiver (mobile device).
Free Space Loss
The free-space loss (or path loss) is given by:
Path loss (dB) = 32.44 + 20 log d(km) + 20 log f(MHz)
The maximum free-space loss (worst case F) occurs when the maximum frequency is used in the above equation. Using d = 0.01 km (10 m) and f = 1880 MHz gives:
F (dB) = 32.44 + 20 log 0.01 + 20 log 1880, which gives F = 58 dB.
3.4 Circuit Description
3.4.1 Power Supply
This is used to supply the other sections with the needed voltages. Any power supply consists of the following main parts:
Transformer: used to transform the 220 VAC mains to other voltage levels.
Rectification: this part converts the AC voltage to a DC one. We have two methods for rectification:
A] Half-wave rectification: the output voltage appears only during the positive cycles of the input signal.
B] Full-wave rectification: a rectified output voltage occurs during both the positive and negative cycles of the input signal.
The Filter: used to eliminate the fluctuations in the output of the full-wave rectifier ("eliminate the noise") so that a constant DC voltage is produced. This filter is just a large capacitor used to minimize the ripple in the output.
Regulator: used to provide the desired DC voltage.
3.4.2 IF Section
The tuning section of the jammer sweeps the VCO through the desired range of frequencies. Basically, it is just a triangle- or sawtooth-wave generator, offset by a proper amount so as to sweep the VCO from the minimum desired frequency to the maximum. The tuning signal is generated by a triangular wave mixed with noise. The IF section consists of three main parts:
1. Triangle wave generator. (To tune the VCO in the RF