Cellular Telephone Experimenters Kit Review
Review by Mr. Upsetter
Cellular Telephone Experimenters Kit $125, Available for OKI 900 Network Wizards PO Box 343 Menlo Park, CA 94026 Voice: (415) 326-2060 Fax: (415) 326-4672 Internet: info@nw.com OKI Telecom (404) 995-9800 (800) 554-3112Any technology that combines radio, telephones, and computers is sure to interest hackers. It's no wonder cellular telephony has received so much attention. now exploring the system is a little easier for us.
A company called Network Wizards has introduced an interface that allows control of an OKI 900 cellular telephone from a DOS PC via the RS-232 port. Their Cellular Telephone Experimenters Kit (CTEK) consists of an interface, four DOS executables for controlling the phone, and a C function library so you can write your own programs. Also included on disk are a user's manual, function library manual, and a short cellular tutorial.
The interface itself is contained in a small black box with a DB-25 connector on one end. A cable with a specialized plug for connecting to the OKI is on the other end. Inside is a PIC16C54 microcontroller which converts data from the OKI to standard RS-232 data. The interface also has a mini-stereo jack for connecting a microphone and earphone.
The DOS executables included with the CTEK allow you to perform numerous functions. The MENU.EXE program allows you to change any of the phone's five NAMs. (A NAM, or Number Assignment Module, consists of a Telephone Number, System ID, Initial Paging Channel, Access Overload Class, and Group ID mark. This information, along with the ESN, identifies your phone in the cellular system.)
This program also allows you to read, write, and edit the phone's 200 alphanumeric memories. The TEST.EXE program allows you to manually control the transmit and audio functions of the phone. You can turn the transmitter on or off and set the channel, Supervisory Audio Tone (SAT), and transmit power. You can also set the volume, mute the transmit, or receive audio as well as set the audio source to the earpiece, sounder, or external jack on the CTEK interface. The TEL.EXE program allows you to monitor the paging channel and displays all the Forward Control Channel messages. It also allows you to place and receive a phone call while displaying the voice channel messages. The KEYCON.EXE program simply allows you to press keys on the OKI from the computer keyboard.
The programs provided with the CTEK certainly expand the functionality of the phone. But to do the really fun stuff, you need to write your own programs. Source code to TEL.EXE and KEYCON.EXE are provided to get you started with the CTEK function library. Although my C programming skills were a little rusty, I found it easy enough to write programs with the library. I wrote a cellular scanning program which had the following capabilities:
- Scan for a paging channel and display the messages. If a voice channel is assigned, go to that channel and listen to the call.
- Scan voice channels and listen to active channels.
- Scan OMNICELL channels and listen to active channels.
- While listening to a call, display the voice channel messages.
- Automatically follow handoffs.
- Decode DTMF, change the volume or audio source.
- Automatically mute the audio and stop monitoring when the call is released.
Other functions in the library allow you to send Reverse Control Channel messages, get the received signal strength, control transmitter and audio functions, and read the phone's memory. Overall the function library is quite versatile. I had several other ideas for programs, for instance:
- Log all messages and call information for certain cellular phone numbers. You could log paging channel messages, calls placed and received, call durations, DTMF digits dialed, cell channels used, etc.
- Create a "spectrum" display of the cellular band by scanning all channels and recording the signal strength.
- With a map of cell sites in your area, physically track a phone as it moves from cell to cell.
I had great fun exploring the cellular network while playing with the CTEK. But this kit isn't for everyone.
To get the most out of the CTEK, you need to write your own programs. The executables provided in the kit really don't use the phone to its highest potential. Also, the OKI 900 isn't the cheapest phone in the world. It goes for about $400 to $450 new, perhaps $300 used if you can find one. Still, you could put together a great cellular monitoring system comparable to the ones designed for law enforcement for a few hundred dollars as opposed to a few thousand dollars.
The CTEK is best suited for monitoring the cellular network rather than as a tool for fraud. You cannot change the phone's ESN with the CTEK. In fact, the library function which lets you send Reverse Control Channel messages won't even let you send a bogus ESN.
Overall, the CTEK is a well designed product, both in hardware and software. While it's currently only available for the OKI 900, Network Wizards promises a version for the OKI 1150 soon.
Sample Output of My Cellular Monitoring Program
(Phone numbers have been masked)