Phruwt Issue 04 012

Published in Phruwt · 5 years ago

******************************************************************************
************************* Scanning Cell/Cordless Fones ***********************
******************************************************************************

written by stowAway

So, you've heard the buzz on the low security of cell/cordless fones, huh?
Interested in listening in on some of the so-called "private" conversations?
Think of the implications. Anyone with a properly modified scanner can listen
in on these calls and get information you couldn't have dreamed would be so
easy to get. Credit card numbers, voice mail box numbers, answering machine
codes, anything that is said over a fone can be picked up with a scanner and
the proper frequency. Because my favorite scanner is the Realistic Pro-43, and
in the amateur radio circle it is considered one of the best, that is what the
hardware information in this article will mainly focus on.

-----------------------HARDWARE CONCERNS WITH THE PRO-43----------------------

What you'll need to know about getting a good Pro-43... DON'T JUST GO TO RAT
SHACK AND BUY ONE OF THEIR CLEARANCE PRO-43'S WITHOUT CHECKING SOMETHING OUT
FIRST!!! The recently passed ECPA (Electronic Communications Privacy Act)
prohibits the manufacturing of scanners that can pick up cell/cordless fone
frequencies or can be easily modified to pick up these frequencies, as well as
the scanning of these frequencies, so you will have to get a slightly older
Pro-43 that was made before the cutoff date for modification to pick up these
amazing freqs. The following table will show you what is modifiable, and what
is not:

              | Modifiable | Nonmodifiable
serial number | no A in #  | begins with A
FCC-ID        | AA020-300  | AA020-300A

Inside the battery compartment is a paper label containing the date of
manufacture in the form "month A year". For example, 5A3 is May, 1993.
The cutoff date after which units could no longer be modifiable is April,
1994 (4A4). So far, the earliest reported date of manufacture of a
nonmodifiable unit is 3A4 (March, 1994). The PRO-43 was produced under
two brand names. My 6A3 unit carries the Realistic name; I saw a 12A3
unit that carries the Radio Shack name. At the moment, it is not known
whether this represented a change in labels or whether both types were
produced side-by-side for a time. It is also not known whether their
electronics are different.

You will probably have to look for a used scanner to find one that fits this
bill. When looking for one, DO NOT BE AFRAID TO ASK ABOUT THIS INFORMATION!!!
There are other modifications that can only be done with this model, so the
cell fone is not the only one. If you want to know some of these mods, check
the alt.radio.scanner and rec.radio.scanner newsgroups.

I bought mine as a clearance item from Rat Shack for $250, so they are out
there. After you get your Pro-43, there is something you have to do to get
the cell fones. This is not to be attempted by the faint of heart/electronix
un-enlightened. There are places that will do this modification for you, but
I will do it for a price cheaper than these places.

Note: It is not lawful to monitor cellular or conventional mobile telefone
conversations. <snicker, snicker>

The following procedure will violate your warranty. PLEASE!!! IF YOU DO NOT
KNOW WHAT YOU ARE DOING, DO NOT ATTEMPT THIS PROCEDURE!!! stowAway, PHRuWT,
and all related entities release all liability and responsibility for your
undertaking of this procedure. In other words, if you do it and phuck up, it's
your loss, not ours.

You will be removing one diode that will restore cell fone frequencies. If
you wish, you can put this diode in another spot and extend your lower end
frequencies, but the lower end freqs are not very clear and in my opinion,
not worth the extra work.

TOOLS NEEDED:
pointed awl
small Philips screwdriver

1) Remove the battery, antenna and back cover (held in place by four screws).

2) Remove the six screws holding the top circuit board in place. Carefully
remove the two screws from the next board and lift it, carefully unplugging
the white connector at the bottom of the board. Lift it up and lay it
aside on its brown wire (which can be unplugged if necessary).

3) Look under the metal shield from the final board, revealing the
microprocessor; note the row of diodes labeled D1-D5 above it. You can
desolder this metal shield if you wish to restore the lower end frequencies,
but if you don't plan on it, it's just extra work. Only diodes D1, D2, and
D4 are present; if you will be replacing the diode in a different spot,
assisted by a pointed tool, unsolder and remove D4, the lone diode (this
restores cellular frequencies which will be searched in 30 kHz steps). If
you will not be restoring low band freqs, just knock the diode out of there
with your awl, but BE SURE YOU ARE REMOVING THE RIGHT DIODE!!! Mine were
labeled, so yours should be too.

OPTIONAL:

4) Resolder the removed diode carefully into position D3 to extend low band
coverage to 88 MHz.
5) Reassemble the boards, paying particular attention to the alignment of the
plugs. Test the radio by entering any frequency between 870 and 890 MHz
(cellular) and 51-88 MHz (low band).

------------------------------Scanning the Freqs-------------------------------

Now that you've got your scanner, you wanna listen in on those frequencies.
For cell fone, you want to scan from 869 MHz to 900 MHz. These will give you
ALL of the cell fone frequencies passing through your home (or wherever the
phuck you are). Cordless fones transmit in the range of 45 MHz to 50 MHz; scan
these frequencies to find them. Because cordless fones transmit in two ways
(base to handset and handset to base), if you pick up the handset to base you
will only hear the person talking into it. That's about all you need to know.
As you can see, scanning cell/cordless fones is not very complicated. Hell,
it's easy as shit. If you need any help, please feel free to e-mail me at:

stowaway@netaxis.com.

I recommend hooking the headfone jack up to a tape recorder so that if any
tones are sent down the line, you can use your handy DTMF tone decoder (that
you got from the official PHRuWT site ftp.netcom.com/pub/fi/filbert/MAC) and
get all those tones and use 'em for your benefit. The nice thing about the
cardz that you will pull from this is that you will get a name, address,
card number, expiration date, and all that other information that fone order
houses ask for. Ahh, life...is good.

In the future, I will be bringing more articles to you on the rapidly
advancing field of cellular technology. As you might have guessed, I am
highly fascinated by this area, so if you know anything about it, tell me
what you have and I'll either help you out or thank you gratuitously.

Keep safe
stowAway
