Why radio receivers won’t tune 800-900 MHz (computer.rip)
439 points by jtakkala on Dec 13, 2020 | 165 comments



I had (and probably still have) a Radio Shack Pro-2006 scanner from the late 80's. Even pre-Internet, instructions on how to bypass the cellular band block were easily found on Fidonet and local BBSes, and all it involved was removing a single diode.

https://www.wentztech.com/radio/Equipment/Pro2006/pro2006mod...

It was really a golden time for snoop...er..listening to cellular phones because they were so enormously expensive, including per-minute usage fees, that only drug dealers, doctors, and the 1%-ers could actually afford to use them. So there were always interesting things to hear.

Ordinary cordless phones were much more affordable and fairly common at this time. They broadcast in the clear at 49 MHz (at least in the USA) and had no legal protections like the 800 MHz cellular phones.


Roughly in this genre, the 9/11/2001 pager text data ( https://911.wikileaks.org/files/index.html ) are an interesting peek inside people's putatively private conversations.


That was super fascinating. I had no idea these existed.

People are getting automated messages of Mozilla Mac builds being complete during the disaster.

I was 16 when this happened so I had no idea pagers were used like this. Sort of how push messages or chatops are used today, to aid developers or ops people with notifications.


Amazon used skytel pagers for oncall notifications until very recently. I had one in 2014.


Hospitals and other facilities still use pagers for oncall duties. It's quite common. They're robust and last days without a charge.


When I carried a pager as an engineer at a factory, it lasted for months on AA batteries. It's been almost a dozen years, so I'm starting to forget whether it was one cell or two. It took me years before I stopped reaching for my hip every time the lights flickered.


> 2001-09-12 00:26:08 Metrocall [0134738] A ALPHA Frm: MSN Txt: Hotmail TheFreeStuffNews.com:Take a 5 minute Survey to Win $1,000!

I see that spam was alive and well back then


Lots of reboot NT machine and other IT looking pages. I feel sorry for those sys admins.


What is this?


Pager messages collected on September 11, 2001. They are also a type of communication which is transmitted without encryption.


s/is/was/

I miss the days when there was a messaging service you could buy in order to receive text messages nationwide without transmitting your location.

RIP POCSAG


POCSAG and FLEX are still quite active, in the UK at least.


I regularly stumble on POCSAG from hospitals/care homes/logistics places. They throw a lot of credentials around.


Cordless phones are a whole different and rather interesting topic. The huge security issues with early cordless phones led to DECT (or technically DECT 5.0) becoming widespread in the US, and it's actually a rather interesting protocol with a very complex and rich set of capabilities considering we normally only see it used for simple cordless phones. IP over DECT is an uncommon but interesting application.


There are some smart home devices that use DECT Ultra Low Energy to communicate with their base station. It's a pretty cool tech because DECT uses its own frequency band and doesn't interfere with bluetooth or wifi in the often highly congested 2.4 and 5 GHz bands. Even firmware updates are possible because the bandwidth is large enough to push some megabytes through.


That's very cool. When I was a kid, a nearby department store (Fred Meyers on 39th and Hawthorne) used a large-scale DECT system for employee-to-employee and paging. Each staff member carried what was essentially a ruggedized cordless phone with an earpiece and they heavily used DECT's "intercom" handset-to-handset feature to talk to each other, and it was all on a PBX with their outside phone lines. I believe it was a Panasonic system. Panasonic seems to still offer such a setup that uses IP for coordination between the multiple DECT "cells," but I'm not sure what was in use at the time. I remember it giving me an overwhelming feeling that my home's DECT cordless phone was a disappointment to the technology's capabilities.

For that matter I once had a job where I had a WiFi IP phone that I carried around, but I think cellphones have gotten cheap enough for corporate users that the wind is out of those sails. I keep thinking about buying one of those on eBay...


This sounds very similar to the phone network that the Chaos Computer Club uses at their events, the biggest one being the Chaos Communication Congress. Everyone who wants can bring a DECT or GSM phone and register a 4-digit extension, and each congress, several thousand people do. The whole venue, as well as some nearby hotels, are littered with DECT and GSM base stations. There's also bidirectional interconnectivity to the regular phone network. It's always one of my favorite parts of Congress, but it has kind of ruined me since I have trouble taking tech conferences without their own phone network seriously. :)

(Caveat: I'm not involved with the technical implementation. I just know the system as a user.)


DECT VoIP base stations are still very much a thing.

http://www.grandstream.com/products/ip-voice-telephony/dect-...


The funniest thing was that people were convinced that you could cut more diodes (if only you knew which ones) and enable more hidden frequencies. They couldn't understand that this was a one-shot deal. I imagine there were quite a few that ended up destroying their scanners trying.


"Let's see, my crystal radio only has this one diode but it can only receive AM. I bet if I cut it I can hear everything!"


Well funnily enough you can actually get some heavily distorted but still intelligible audio out of an FM channel demodulating it as AM if you shift the frequency over off of the center of the channel and decrease the bandwidth to only get half of the FM bandwidth. First time I heard that while playing around with an SDR I was so confused as to how that was working.


At 15 cents per diode I don't think that would be a particularly expensive fix or worth throwing out an otherwise perfectly good scanner for.


The set of people who just cut away additional diodes under the theory that would unlock further features has minimal overlap with the set who can DIY replace that diode for $0.15.


I highly doubt that. Cutting away a diode means you have some tools, aren't afraid to 'void the warranty' and likely means that you know what you're doing. Those are likely people who also have a soldering iron sitting around somewhere and know how to use it.

Everybody else would have someone else cut that diode in the first place.


Coincidentally, Rachel By The Bay had a post just today that included listening in on cordless phone conversations by neighbors.

https://rachelbythebay.com/w/2020/12/12/scan/


Not a coincidence! I read this and wanted to share my two cents. Having recently mentioned the upper end of the old TV band didn't hurt, either.


I used to work for a company that made “super Bearcat scanners.” These were “DC-to-light” scanners, with multiple demodulation methods (SSB, DSB, Phase, Frequency, Amplitude, etc.). They cost about 40 grand each, in the early 1980s.

Needless to say, most customers were military or TLAs.

We could listen in on mobile phone conversations without much difficulty.

Then frequency-hopping started to become en vogue, along with encryption, and made it a lot more difficult to eavesdrop. Most of that happened after I left the company.


Related to that, I can remember borrowing a friend's Motorola cell phone in the early 90's, probably the 9800 model, still unencrypted analogue transmission.

Anyways, you could enter the service menu and select which tower frequency you'd like to receive or send on. I remember playing with it and selecting the same channel to send/receive and there was already an on-going call. I heard one of the people say "did you hear that?" and I pulled the battery, it freaked me out.


I worked at Radio Shack and a customer came in, asked to see a particular hand held scanner. He moved around the buttons a few different ways and showed me it had a backdoor to listen to cellular calls. A few months later Radio Shack recalled that particular scanner. I had spent some time listening to calls and they were really boring. No girlfriends or drug deals, completely inane conversation.


I had a family member who used to listen in on phone calls on a modified scanner (early 1990s). They commented that the conversations tended to follow a predictable pattern, correlating with basic human needs, as the day progressed.

Daytime: Money. People complaining about not having enough money, not being able to pay their bills (while talking on a $1000 cell phone and paying a per-minute charge).

Early evening: Food. "What are we going to eat tonight?" "Will you stop at the grocery store and pick up ___?" "What do you want for dinner?"

Night: Sex [use your imagination here]


I bought a RadioShack scanner in 1993. I found that even though 800-900 MHz was blanked out, reflections of cellphone signals were clearly audible! Back in the early 90s, sitting in my house, I was able to listen to cell phone conversations from cars on a highway near my house. You have to remember that early cell phones were so large that people mostly used them from cars.


In college I worked at a place that was spread out over a number of buildings on the edge of campus. A friend of mine was living across the street from the main building, and I was over one day trying to watch TV in their common room. I don’t recall why I was flipping channels up near 90 but I distinctly heard a crisp clear voice as I was flipping between two channels.

The wireless headsets the receptionists had were using the same modulation as TV, and you could hear it by holding the UHF dial on the TV between clicks. And my friend knew about this. Awkward.


I worked at Radio Shack outside the US in the late 90s.. we used to listen to cell phone calls. Most calls were drug dealers, some were affairs, mostly it was call girls. The variety was great.


Stories please!


Not op, but fun story to share.

The year was 1999, I had befriended a strange group of friends from an IRC support channel. We all lived within 250 miles of each other and one day decided to have a gathering with about 6-7 randoms from the channel. Hilarity ensued as we played games of Command and Conquer, Starcraft, and Serious Sam. I was yelled at for saturating the 1.5 Mbps SDSL line with my webcam, streaming views to our friends who were too far to drive in. Someone else was eating aluminum soda cans. At one point one guy happened to log in and said “wait you guys are having a LAN party? I’ll hop on the PATH and be right there”. Then my life changed in front of my eyes.

In walks this dude that looked like he came straight out of Hackers. We all dap up and continue talking about random nerd things. The conversation goes to cell phones and how the FCC passed this law which OP talks about. Surprise someone has a grandfathered scanner that could scan 800-900 MHz. Dude that showed up starts talking about how he knows a guy that knows a guy that took his code and runs an elaborate carding net. Dude then whips out a demodulator app that he wrote that takes beeper signals from the scanner audio and decodes it to text. He tells us we can pull livery and taxi beeper codes because they text headquarters with the credit card numbers on pickups. Then his app does it. One guy holding the scanner at an angle to one of those bend/squiggly microphones that were ubiquitous in the AOL era. Modem like beeping screeching through the air. Then messages and credit card numbers start streaming through this dude's app. The entire room does a collective holy s#%^ mainly because we can’t believe this would be streaming in “broad daylight” across the Hudson.

He went on to explain how he got into hacking almost just like in the movie Hackers. Dude was brilliant and got recruited into hacking groups as a programmer when he was 13. He was writing stuff like this for 5 years. We think we had crossed paths at some point because I was deep in the demo scene and wrote patches for hacking groups.. but that day blew my mind about how security through obscurity worked and led me down a black hat path that switched to white hat in the early 2000s


> Someone else was eating aluminum soda cans

Huh?


Well they had pretty much phased out steel cans by that time



Yeah pica but can you eat an aluminum can and not die? Wouldn’t that certainly cause internal bleeding?


They were probably just chewing on it


Did anybody in this group go to Stevens? Because holy shit, were there ever a lot of Hackers-type characters at Stevens in the latter half of the 90s. Some of them were into MOD music and demoscene stuff, warez, and even darker things.


Serious Sam didn't come out until 2001. How did you play it in 1999?


That and in 1999, if you were writing cracks, very few people were doing that in the demo scene at that point. The demo scene and the scene split up. In 1996 RNS started this change. By 1999 pre nets were already up, as well as top sites.

I miss the 90s. I was 12 years old in 1999, but I started disassembling code when I was 8, so as you can imagine, people online thought I was an adult with all of illegal things I did. I even broke into PayPal and bragged about it. lol embarrassing today.


I too miss those days...

That being said, I feel like back then most vulnerabilities were so simple due to lack of foresight/security that quite a few 12-year-olds with a decent understanding of computing could perform them:

I fondly remember an IIS bug which allowed you to basically 'cd' into any directory on the host machine and execute cmd.exe remotely. I believe it was as simple as the server not sanitising '..\' when written using unicode escape characters...


Even back in just 2012 I found one of our clients who had an ecommerce site came up with the "genius" idea of solving SQL injection by checking the unparsed URL for an apostrophe. Same self-taught developer also decided to log the CC name, number, expiry, and CVV code for all orders instead of just storing the transaction ID from Authorize.net. There were 750,000 rows in that table when I found the SQL injection vuln.
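The two defects in that comment (an apostrophe check on the raw URL standing in for real query hygiene, and storing full card data instead of the gateway's transaction ID) are worth seeing side by side. This is an added example, not code from the thread or from the site described; the schema, customer names and transaction IDs are constructed. It shows that the raw-URL check both rejects a legitimate name containing an apostrophe and never sees the decoded form of the parameter, while a parameterized query handles any input correctly and the table keeps only the transaction reference:

```python
import sqlite3
from urllib.parse import unquote, urlparse, parse_qs

# Constructed schema: only the gateway transaction ID is kept per order.
# Card number, expiry and CVV never enter this database at all.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, txn_id TEXT)")
    conn.executemany(
        "INSERT INTO orders (customer, txn_id) VALUES (?, ?)",
        [("O'Brien", "txn-0001"), ("Smith", "txn-0002")],  # constructed sample rows
    )
    return conn

def raw_url_filter_passes(raw_url: str) -> bool:
    """The 'fix' from the comment: reject the request if the unparsed URL
    contains an apostrophe. It inspects the URL before percent-decoding,
    so it only ever sees the literal character, not the decoded parameter."""
    return "'" not in raw_url

def customer_from_url(raw_url: str) -> str:
    """What the application actually works with: the decoded query value."""
    qs = parse_qs(urlparse(raw_url).query)
    return unquote(qs.get("customer", [""])[0])

def lookup_concatenated(conn, customer: str):
    """The underlying defect: user input spliced into SQL text.
    A legitimate value with an apostrophe breaks the statement."""
    return conn.execute(
        "SELECT txn_id FROM orders WHERE customer = '" + customer + "'"
    ).fetchall()

def lookup_parameterized(conn, customer: str):
    """The real fix: the value is bound as data, never parsed as SQL,
    so an apostrophe (or anything else) in the input is just characters."""
    return conn.execute(
        "SELECT txn_id FROM orders WHERE customer = ?", (customer,)
    ).fetchall()

def record_order(conn, customer: str, gateway_txn_id: str) -> int:
    """Store the reference the payment gateway returned, nothing card-related."""
    cur = conn.execute(
        "INSERT INTO orders (customer, txn_id) VALUES (?, ?)", (customer, gateway_txn_id)
    )
    return cur.lastrowid

def concatenated_query_fails(conn, customer: str) -> bool:
    """True if the concatenated query cannot even run on this input."""
    try:
        lookup_concatenated(conn, customer)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    literal = "/orders?customer=O'Brien"
    encoded = "/orders?customer=O%27Brien"
    print("raw filter passes literal apostrophe:", raw_url_filter_passes(literal))   # False
    print("raw filter passes encoded apostrophe:", raw_url_filter_passes(encoded))   # True
    print("decoded value is identical:", customer_from_url(encoded))                  # O'Brien
    print("concatenated query breaks on a real name:", concatenated_query_fails(db, "O'Brien"))
    print("parameterized query works:", lookup_parameterized(db, "O'Brien"))
```

The filter is both too strict (a real customer named O'Brien is turned away) and not a control (the decoded value the query sees is the same either way). Binding parameters removes the problem at the query, and keeping only the transaction ID means a later injection, or a leaked backup, exposes no card data.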


Yah. There was a backdoor on all MS operating systems in NetBIOS. As long as they were not behind a firewall and had not manually set up file sharing settings you could get full access / root.

All the way through the thousands there was a backdoor on OS X's remote desktop. As long as they were not behind a firewall and had not manually set up remote desktop, you could get full access as well.

And all the way through the 90s and the thousands, there was a backdoor on Motorola and Buffalo cable modems, so you could remotely inject your own firmware and remotely reboot the router if you wanted. Everyone online was soldering those things to get hacked internet back then and I was just scratching my head as to why they were not using the backdoor instead.

I can go on. I haven't done anything infosec in a very long time. When I was 18 I got interested in certificate decryption and my passions took a more math heavy direction, eventually leading to quantitative finance.

edit: Oh, and to keep more on topic, regarding listening to cell phone chatter, the cell tower where I lived didn't change to digital until 2006, so in the thousands I knew you could listen in, but frankly I wasn't interested. I was more interested in making cantennas and injecting an 802.11 signal 2 miles away, decrypting their WPA. Surprisingly I did not find a single router that had a different admin password than its WPA password.

In the 90s all the way into the early thousands, to get online I had to get hacked internet, as my parents didn't really understand the internet and thought it was a fad. This may be what inspired some of the black hat stuff I did.


Memory fades a bit over 20+ years.


Definitely meant to say counter strike, sorry


These were some hardcore hackers.


I once overheard a phone interview for a position so interesting that I wanted to apply for it myself.

The answer to "How did you hear about our company?" would not have gone well. :-)


"word of mouth"


When analog TVs with UHF were still a thing, I could rotate the UHF dial all the way to the top of the band and just begin to hear the unencrypted analog cell phones. Crazy.


Lots of similar stuff in the book The Best of 2600


Oh, those were the days!


Back when I was in high school in the late 90s/early 2000s there was a website, I think called cellphonescanner (.) com that had a RealMedia stream to listen to analog cell conversations around NYC and Toronto or something like that. It was great entertainment.


One of my friends who was a huge scanner fan (did you know they had their own magazine?) worked in a boring mundane part of his family's business. Most of his day was spent waiting around for two or three loads of paperwork to come in to be filed. It was a make-work type of job to keep him employed and out of trouble. What he did most of his day was listen to the scanner. Mostly police and fire calls but he did modify the scanner to pick up cell calls. Most were short but there was a two hour long call that the radio tuned to one day I was visiting. Given the price of cell calls in the mid 90s, especially during daytime, this was highly unusual.

The call was a professor at the local state university talking to a woman whose identity I was not able to determine. Almost the entire conversation was about how much he hated Palestinians. That they were subhuman and should be wiped out. I grew up in the South and had heard hateful things before but this was the first time I heard someone advocate for genocide so openly. That conversation has stuck with me ever since, making me wonder what's going on in people's minds that they keep hidden from the public.

At one point in the conversation the woman asked if he was on a cell phone and if anyone could overhear them. Despite there being no way of them knowing we were listening, it still caused my hair to stand on end. He said it was unlikely. The quality of the signal didn't waver during the call and was strong the entire time, so he probably was stationary nearby. So very odd that he didn't call using a landline given the cost of such a cell call.


You are just describing every IDF soldier ever?

They routinely kill and maim Palestinian teenagers with 0 consequences, so there must be a huge part of society that agrees with such ideas that they are able to do so with impunity.


Honestly I never heard anything interesting on either analog cell phones or cordless phones. Messing with drive-thru intercoms with our modified Icom W2-As was a hell of a lot more fun.


Hi all, I am the author. I 1) have no idea how this made it to the top position, 2) now feel much guiltier about posting so infrequently, 3) apologize for the design of my blog being almost actively hostile to users, but then maybe that was the point?


I love the footer text:

    This website is begrudgingly generated by the use of software. Letters to the
    editor are welcome via facsimile to +1 (505) 926-5492 or mail to 609 Gold Ave
    SW, Suite 1D, Albuquerque, NM 87102. Opinions stated here are somewhat
    necessarily those of Seventh Standard, LLC, in that the author is the sole
    partner and does not wish to lead dual lives.


Re 3: if it makes you feel any better--or worse! (most of the time I make people feel worse...)--I have added your blog to my list of "websites whose design I really like" ;P (the only thing I disagree with strongly is the seemingly-fixed word-wrapping, as it causes random-feeling new-lines while reading on my iPhone X screen).


Reminds me a lot of reading old GameFAQs guides


I thought those were typos, accidental line breaks.


Yes, the script that generates the website was written in one evening when I was not entirely sober, and it has some weird behavior around linebreaks that I triggered by typo. Somewhere on my todo list is to add markdown parsing so I can do cutting-edge things like indented block quotes while still having the text reflowable for the RSS feed, but then I'll have to decide how to represent headings and links while still keeping to my 80x24 video terminal aesthetic.


If you don’t mind the conversion happening on the front-end side, Showdown.js has worked really well for me on a few projects.


Why do I recognize your name ?

There's some hazy link here between "JB Crawford" and Kuro5hin and ... ? Or is that just a coincidence / faulty link in my memory ?


I think I did use Kuro5hin for a time, but if you have seen my writing elsewhere it is most likely LWN or some miscellaneous technical training vendors, both of which I contributed to for a while before my life got a little crazy. I'm actually currently getting back into freelance writing, so while I have fifteen minutes of fame... my first passion before technology was writing and teaching, and I write and develop training on technical topics I am interested in (there's a number of them). Contact info in my profile.


OK, now I remember:

https://news.ycombinator.com/item?id=11611571

It was Michael Crawford.

JohnCompanies, the first VPS provider, and the incubator of what eventually became rsync.net, did all of the original advertising on kuro5hin.org. I actually grew the company a fair amount just on the basis of those small ads on k5.

While I was never an active member of the community there I had enough random exposure to it to absorb a little bit of what went on there...

Sorry for the noise :)



At one point when funemployed and living in a better DC market I considered trying to start a VPS operation but decided against it since the market is so hypercompetitive. I guess I'd have been in good company. Now that I live in the forsaken desert I have to ship my hardware to a different state to get a decent colo rate, so that's right out.


Hah, there's a name I haven't thought of in a while. I had a JohnCompanies server way back in the day.


> apologize for the design of my blog being almost actively hostile to users

I edit a newsletter of blogs of HN and I can tell you that your design is not more hostile than most HN bloggers, don't worry you are fine


It’s not really “fine” it’s just “not quite as bad as some others”.


Enjoyed the article! In the end you mention that SDRs are mandated to carve out that band but they... don't. Why is that? And how is that legal then?


Just discovered your blog via HN. I love writers who keep this old history around and can really go deep into the rabbit holes. Thanks for that.


I love your website design.


Hey Jesse- great story :)


I think the OP's write up misses one very important piece of the puzzle: Politics.

Newt Gingrich who was Speaker of the House at the time got embroiled in an incident that was recorded from a cell phone conversation. https://www.cnn.com/ALLPOLITICS/1997/01/13/tape/index.shtml

Now fast forward to a few years later with the Patriot Act and metadata controversy that Edward Snowden exposed... same shit, different day...


I did not know about the Newt Gingrich incident! That really adds some interest. There was definitely a lot of public attention to the issue at the time, and in some ways rightly so, but of course the resulting efforts were misdirected at a legislative fix. A point that I wanted to make in the article but I'm not sure I completely articulated was basically "this is what happens when Congress writes technical regulations," but of course this is far from the most egregious example of that.

The parallels to what we see today with pervasive surveillance and anti-encryption policy are significant, and it's frustrating to see how much less atwitter congress is about these issues today, when it's their own government doing the eavesdropping. As I make a jab towards in the article, I think that the people of today (and even the people of then) have given up on the privacy of their personal communications in some ways. I can't blame them, but it's clearly a problem that needs to be solved. Perhaps one way to look at it is this: in many ways, our communications on the internet have fewer privacy protections than our communications on landline phones. How did it get to be this way? History and policy, combined in an ugly way.


Yeah.

Let's put it this way: OKI900's and all that were around before 1992. And that phone was favoured because you could easily reprogram the ESN/NAM/MIN for cloning as well as turn it into a scanner by turning on its speaker and having control of the frequency. It was a modder's dream to hack on. But the same could be done with Motorola phones with a few more button presses.

That was 1992.

1997: AMPS system is waning against D-AMPS and even that is getting pressure from a new standard - GSM - which is also digital and ENCRYPTED. Newt gets caught and to show what great pricks he and Bill Clinton were, they passed a law that was obsolete before it was even passed into law.

https://www.wired.com/1997/11/ears-of-the-airwaves/

---

This is why the election system, process of creating lawmakers (congress) as well as judicial system is retarded. The time lag doesn't stop the flash pan crime trends nor does it do anything to improve the situation due to the abuse of absurd laws like this one. This law is rendered null and void by technology long before it was ever enacted...


Well probably not so much the previous link... but this is an article that brings it all together from around that time:

https://worldradiohistory.com/Archive-Popular-Communications...

Page 14 for "H.R. 2369 and The ARRL"


> Newt Gingrich who was Speaker of the House at the time got embroiled in an incident that was recorded from a cell phone conversation.

I wonder why it's always the same names that crop up as the reason for bullshit regulations.


The 1990's were big on passing a metric fuckton of laws impacting technology as that is when most of the people started getting "online" as it were.

Wargames came out in 1984. It took about 2 years for there to be a law against computer intrusion (hacking). 18 USC 1030. https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

But it got most of its teeth in the 90's. Newt and Bill pretty much ran the 90's. Along with Janet Reno and the rest of them. People may have happy memories of the 90's but for "hackers", it was a terrible time as people were passing bad laws with little info. It's only gotten marginally better over time due to people gaining better comprehension of technology - yet somehow we haven't caught up with our own privacy invasions as a whole. (ie: GDPR and data collection)


> It's only gotten marginally better over time due to people gaining better comprehension of technology - yet somehow we haven't caught up with our own privacy invasions as a whole.

It's time for both the US and the EU to vote out all the incompetent morons of our parliaments...


Signed into law by someone else.


*in the USA.

Radio receivers and scanners sold outside the USA, even if they are made inside the USA, have no restrictions. US manufacturers usually label these radios as "export" versions.

It reminds me of the early days of web browsers when "export" versions of Netscape and IE only supported a maximum of 56-bit encryption for SSL.


Or GPS receivers not working at high altitude unless you buy some Asian brands with right chipsets.


Note that the rules require GPS receivers not to work when above 60,000ft AND at a speed higher than 1000kt. Some manufacturers made that an OR, but that's not required.

You're very very unlikely to ever make it above 60,000ft at a speed faster than 1000kt unless you own a fighter jet.


If you build nanosatellites or cubesats or do rocketry those limits are exceeded. For example NovAtel OEM-719 GPS has no COCOM limits.

Fortunately COCOM limits for GPS are not enforced. It's an empty clause.


Rockets that go above 60,000ft and at 1000kt are the case that this limit was designed for, they didn't want enemy ballistic missiles guided by GPS.

Of course that regulation is now useless because foreign receivers don't implement the limit and competing GNSS systems also don't have it. But at the time it was written this was a sensible restriction because it was a unique technology.


High powered model rocketry can and does exceed this.


Since it's so unlikely, I guess most manufacturers haven't even tested it.


I take it that was related to the munitions classification for encryption?


Yes. lol.

I worked for a chopper factory in the UK back in the day. We had Novell servers. NetWare CAs back then did as they were told and would only offer rubbish encryption. We used it for throwaway stuff and manually cranked out certs with OpenSSL for important stuff. We also watched firewall logs ...



All of the SSL 3.0 / TLS 1.0 EXPORT cipher suites are actually limited to https://en.wikipedia.org/wiki/40-bit_encryption , see for instance page 60 of https://www.ietf.org/rfc/rfc2246.txt

For a while, exports were limited to 40-bit symmetric key strength and 512-bit moduli for DH and RSA. I had forgotten about the limits being raised to 56 bits for a few years before being fully dropped by the Clinton administration.

There was a brief attempt to get around the pushback against key length restrictions with the Clipper chip[0]. The idea was to give everyone 80-bit Skipjack encryption while enabling U.S. law enforcement intercept by having the chip refuse to function if it wasn't shown a valid escrow message (LEAF) for the key it was using. Skipjack was classified at the time and supposedly stronger than anything commercially available at the time. The problem was that LEAF itself only used a 16-bit authentication code, so it was trivial to brute-force another LEAF message that would work with your session key, but yield garbage data in a wire tap.

[0] https://en.wikipedia.org/wiki/Clipper_chip#Technical_vulnera...


I would imagine SDRs with "export" software are easy to get and can tune in.


A large portion of SDRs have no FCC equipment authorization at all, and so don't necessarily comply with regulations---including the lack of an AMPS lockout. This makes them a little bit iffy for sale in the US, but there is generally a rule that allows "test equipment" to be sold without equipment authorization under certain conditions on its use. I (not being an expert on this, I am not a lawyer, etc) would describe most hobby SDR use as being a gray area, but one that is probably not of too great concern since most hobby SDRs on the market are receive-only and obviously these weird part 15 rules about scanning receivers don't really matter in the modern age.

SDR transceivers like the HackRF are probably still not being purchased by people who will cause any trouble, but I do worry a little bit more about unintentional disruption of important radio applications like aviation navaids or whatever. If I were to take a policy angle here, I think it might be a good idea to restrict such devices to people with amateur radio licenses since they are not especially hard to obtain (DE AE5JL). I'm sure there's a thousand people here who would vehemently disagree with me on that though.


> I think it might be a good idea to restrict such devices to people with amateur radio licenses

Am a Canadian HAM, and also the owner of multiple transmit-capable SDRs. While I don't disagree with you on principle, one tricky part with that is that the majority of my usage of these devices has been commercial. Requiring an amateur license to do commercial work is kind of the opposite of how the system is supposed to work (i.e. no commercial activity on the HAM bands).

The real saving grace for the transmit-capable SDRs is that they're generally quite low power. I think the most powerful one I have can do... 100mW? Sure, you could be disruptive with that, but it's not going to go very far.


That's true - any locking down of SDRs probably also requires a "fast track" experimental license program so that commercial users (including individuals who are performing commercial experiments, not just well-resourced companies with a licensing specialist) can obtain them easily.


"I think the most powerful one I have can do... 100mW?"

Until you add an amp hehe


SDRs don't have the 800 MHz restrictions.


The limit was 40-bits for a while. Maybe briefly in the late 1990s the export limit was 56 bits, but all of the EXPORT cipher suites in TLS 1.0 (from 1999)[0] have limits of 40-bit symmetric keys, or a NULL cipher. Also the RSA and DH moduli for export cipher suites were limited to 512 bits.

[0] Page 60 of https://www.ietf.org/rfc/rfc2246.txt
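An added example, not part of the original comment, of what those export restrictions look like on the wire: a minimal parser for a TLS 1.0 ClientHello that flags the EXPORT suites (40-bit symmetric keys, 512-bit RSA/DH moduli) and NULL suites from RFC 2246's cipher suite list. The suite code points are the RFC's; the ClientHello bytes are constructed inline so the check runs offline.

```python
"""Flag export-grade and NULL cipher suites in a TLS 1.0 ClientHello.

Added example. The suite code points are the ones RFC 2246 assigns; the
ClientHello below is constructed inline so the parser can run offline.
"""
import struct

# RFC 2246 suites that are export-limited (40-bit symmetric, 512-bit RSA/DH) or NULL.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}
NULL_SUITES = {
    0x0000: "TLS_NULL_WITH_NULL_NULL",
    0x0001: "TLS_RSA_WITH_NULL_MD5",
    0x0002: "TLS_RSA_WITH_NULL_SHA",
}
# A strong-for-1999 suite, used as the non-export control in the sample below.
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A


def build_client_hello(suites, session_id=b"", random_bytes=None) -> bytes:
    """Wrap a TLS 1.0 ClientHello (no extensions) in a handshake record."""
    random_bytes = random_bytes or bytes(32)   # fixed so the example is reproducible
    body = (b"\x03\x01" + random_bytes
            + bytes([len(session_id)]) + session_id
            + struct.pack(">H", 2 * len(suites))
            + b"".join(struct.pack(">H", s) for s in suites)
            + b"\x01\x00")                     # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello_suites(record: bytes) -> list:
    """Return the cipher suites offered in a ClientHello, validating the framing."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                    # skip client_version and random
    pos += 1 + body[pos]                            # skip session_id
    n = struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return [struct.unpack(">H", body[i:i + 2])[0] for i in range(pos, pos + n, 2)]


def weak_suites_offered(record: bytes) -> dict:
    """Map each offered export or NULL suite to its name; empty dict means none offered."""
    offered = parse_client_hello_suites(record)
    return {s: EXPORT_SUITES.get(s) or NULL_SUITES[s]
            for s in offered if s in EXPORT_SUITES or s in NULL_SUITES}


if __name__ == "__main__":
    # Constructed sample: a 1999-era client offering 3DES first but willing to fall back.
    hello = build_client_hello([TLS_RSA_WITH_3DES_EDE_CBC_SHA, 0x0003, 0x0008])
    for suite, name in weak_suites_offered(hello).items():
        print(f"0x{suite:04X} {name}")
```

The point of checking the offered list rather than the negotiated suite is that a client willing to fall back to an export suite is exposed to any server (or interposer) that picks it, regardless of what it lists first.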


Cordless phones were more "fun" to scan since it was generally your neighbours you heard just because of the range of those things. Also baby monitors were (and probably still are) wide open. Literally a 24/7 mic broadcasting for anyone to listen to.

Pagers were also easy to listen to. You'd get short messages without context. A lot were office to doctor or dispatch to tradesperson.


As a person who also did this, I feel like it has encouraged my suspicion of communication privacy.

All it takes is listening to your married neighbor talking to their boyfriend/girlfriend to realize that someone could be doing it to you. The difference now is that it doesn't have to be within a 150 foot radius.


Now, not only does someone not need to be actively listening, they don't even need to save the audio. Just convert it to text, keep it indexed and whatever three letter agency is doing the tapping has an easily searchable record of your communications should they ever feel the need to look into you without you knowing.


Converting to text loses data and will fail on unexpected languages or accents. It's better to use a specialized voice codec, which can have fantastically high compression rates, or just keep the (already annoyingly-companded) 8kbit voice stream around in its entirety. It's pretty small.


You must mean 8 kHz - which results in a 64 kbps stream. (8000 bytes per second) The companding was actually a very good use of 8 bits per sample for voice, introducing little artifacts except at high amplitudes and the low pass filter. Nowadays I find it ridiculous mobile networks feel it's still necessary to compress the audio further - 64 kbps is nothing on modern mobile networks, ie VoLTE etc... WB-AMR is definitely an improvement with its 16 kHz sample rate and a bitrate lower than that of G.711, but mostly not supported between different mobile carriers...
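An added example (not from the original comment) of the G.711 mu-law companding being discussed: an encoder/decoder written from the standard's segment layout, showing that 8 bits per sample at 8 kHz is 64 kbit/s and that the quantization step grows with amplitude, which is how an 8-bit code keeps small speech signals clean while still reaching full scale. The sample amplitudes used below are constructed for illustration.

```python
"""G.711 mu-law companding, as used on the 64 kbit/s PCM voice channel.

Added example written from the standard's segment layout (8 segments of
16 steps each); the sample values below are constructed for illustration.
"""

SAMPLE_RATE_HZ = 8000
BITS_PER_SAMPLE = 8
BIAS = 0x84            # added before the segment search so the curve has no gap at zero
CLIP = 8159            # largest 14-bit magnitude the encoder represents
SEG_END = (0x3F, 0x7F, 0xFF, 0x1FF, 0x3FF, 0x7FF, 0xFFF, 0x1FFF)


def bitrate_bps(sample_rate_hz: int = SAMPLE_RATE_HZ, bits: int = BITS_PER_SAMPLE) -> int:
    """8000 samples/s * 8 bits = 64 000 bit/s: the classic DS0 channel."""
    return sample_rate_hz * bits


def linear_to_ulaw(sample: int) -> int:
    """Encode one signed 16-bit PCM sample to an 8-bit mu-law code."""
    pcm = sample >> 2                      # keep the 14 bits the codec actually uses
    if pcm < 0:
        pcm, mask = -pcm, 0x7F             # sign lands in bit 7 via the final XOR
    else:
        mask = 0xFF
    pcm = min(pcm, CLIP) + (BIAS >> 2)
    seg = next((i for i, end in enumerate(SEG_END) if pcm <= end), len(SEG_END))
    if seg >= len(SEG_END):
        return 0x7F ^ mask
    # 3 segment bits select the step size, 4 mantissa bits the step within it
    return ((seg << 4) | ((pcm >> (seg + 1)) & 0x0F)) ^ mask


def ulaw_to_linear(code: int) -> int:
    """Decode an 8-bit mu-law code back to a signed 16-bit PCM sample."""
    code = ~code & 0xFF
    t = ((code & 0x0F) << 3) + BIAS
    t <<= (code & 0x70) >> 4
    return (BIAS - t) if code & 0x80 else (t - BIAS)


def roundtrip_error(sample: int) -> int:
    """Absolute quantization error after encode/decode."""
    return abs(ulaw_to_linear(linear_to_ulaw(sample)) - sample)


def encode_frame(samples) -> bytes:
    """One byte per sample: a 20 ms frame at 8 kHz is 160 bytes."""
    return bytes(linear_to_ulaw(s) for s in samples)


if __name__ == "__main__":
    print("bitrate:", bitrate_bps(), "bit/s")
    for s in (100, 1000, 10000, 30000):      # constructed amplitudes
        print(f"sample {s:6d}: abs error {roundtrip_error(s):3d}, "
              f"relative {roundtrip_error(s) / s:.3%}")
```

The finest segment quantizes in steps of 8 (on the 16-bit scale) while the top segment uses steps of 1024, so the absolute error at full scale is two orders of magnitude larger than near silence even though the relative error stays in the same few-percent range; that is the "little artifacts except at high amplitudes" behaviour described above.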


You convert it to text in order to index it. If it becomes interesting in the future, you listen to the audio (maybe after getting permission from a judge in a secret court.).


Recording all calls is well within the financial and material means of the US Government. http://blog.archive.org/2013/06/15/cost-to-store-all-us-phon...


I agree. The convert to text part was about indexing the content of the calls for easy searching.

I bring it up because speech recognition has become so commoditized that most of us could think of a way to whip up an, albeit bad, solution to this problem using AWS/GCP/etc in a weekend.


Many years ago, I worked for a guy who regularly monitored mobile phone frequencies and recorded conversations. He wrote screenplays and used the recordings for dialog study. At least that was what he claimed.


Some baby monitors are using "encryption". I don't know if they are actually using encryption or just privacy codes. Even if they are using encryption, I doubt it's very secure stuff (probably 8 bit or something).


Our baby monitor uses DECT - it's basically a cordless telephone. While I wouldn't expect it to be encrypted to any significant degree, in most cases a baby monitor is either broadcasting silence with a little background room noise, or it's turned off. Once a monitor starts broadcasting noise, a parent intervenes.


Some of them are even VOX so that it's not continuously transmitting.

I think the concern (fun for the scanner) was that if people leave the monitor on all the time and then have a conversation in that room.


As a child in the 80s I was given an Intellivision and an old (even in those years) ~13" black & white TV to play it on.

It had the ability to tune to the higher UHF channels 70-83 [0] which while planned for use in TV broadcast, never ended up being used, but they didn't know that at the time of the construction of the TV set. The frequency covered by those channels were reallocated in 1982 by the CCIR worldwide convention, and covered approximately 806 to 890 MHz.

What was most interesting to me as a young teenager in the early 90s about this particular TV set, was that I found out I could hear an occasional phone call when tuned to those UHF channels, even more so when I used the fine tuning knob.

On a side note, the TV set also allowed me to view scrambled channels on the cable system which I could unscramble to various degrees by turning the tuning knob at certain rates back and forth. I suppose modern 90s systems were not designed with my old TV set in mind.

[0] https://en.wikipedia.org/wiki/Television_channel_frequencies...


I had a TV that did this exact same thing! Except I was given it as a color "monitor" for an Apple IIE. I would spend hours building my own antennas and spinning the fine tune knob to try to bring in far away signals.


Anyone have any recommendations on a "modern" digital trunking scanner? (handheld)

I have an old GRE PSR-500 which isn't terrible, but I'm looking to replace it as it has next to zero software support for programming it and doing it by hand is a real pain.

You'd think in this day and age someone would make a scanner with a companion app connected to Radio Reference for programming. Would be nice to have bluetooth audio too.

FWIW, GRE stopped making scanners in 2012, and later closed down and sold off their scanner business to Whistler. Supposedly Whistler were going to release a new scanner, the TRX-100, but cancelled it. Seems like handheld scanner technology is still stuck in the '80s.


I think much of the scanning crowd has either 1) abandoned interest in digital trunking systems or 2) switched to SDRs, which is an unfortunate state of affairs as the state-of-the-art in SDR trunking decoders is actually pretty bad.


You'd be wrong if you think that. We're all using Uniden SD200

See: https://www.bearcatwarehouse.com/Trunking


Good to know, although I fear I may find my wallet $700 lighter.


I went hogwild with this at the beginning of the RTLSDR era of SDR. I just started picking it back up after getting some better hardware and was kind of bummed at how little the quality of the voice decoding has progressed despite what appears to be a ton of energy invested.

If I recall correctly some of it is licensed and/or patented and people are just having to reverse engineer the protocols. I’d pay for a commercial demodulator to snap in.


You can buy the DVSI codec wrapped up in a USB stick from NW Digital Radio. They call it the "ThumbDV". It looks like a serial port to your machine, and you can just poke it with the right commands and it'll turn raw codec data into raw audio data (and vice-versa).

I used it for decoding the AMBE+2 stuff on newer P25 systems. It wasn't great but it did mean I didn't run afoul of any patent issues if I wanted to sell the system to someone else. OP25 is great but I didn't want to take the risk.


Whoa, interesting, thanks for the heads up! I've bookmarked that puppy.

Whatever I was watching recently still had that slurring effect in all of the speech that I recall from back in the day, but I just checked out some recent recordings from OP25 and that is actually quite a bit improved. May just try that out first and see where it goes. Thanks!


that would be the Uniden SD100. I've got the SD200 which is the "console" model.


Since we're on HN, how about an RTLSDR, a Pi, and op25?


I'll never forget using grandpa's police scanner trying to find interesting sounds and tuned to one of the ~1800 frequencies and shockingly discovering that the cordless phone we bought in ~2003 was completely unencrypted broadcasting in the clear at half of the frequency I was listening to. My mom was in disbelief and we bought a new phone with DECT shortly after. I was a bit shocked myself.


The article mentions the Oki 900. Here's a Wired article mentioning how hackable it really was: https://archive.is/AEq0B


MENU SND END RCL STO CLR


"GOOD TIMING!"

My friends and I used to get piles of old Okis at First Saturday in Dallas. We'd leave Austin at midnight and drive 3 hours to get all the pre-dawn good deals. I remember we got a hold of some mobile data terminals and transceivers too, though we never quite got around to the mischief we dreamed of using them for. POCSAG decoding was another good time. Ah, to be young again!


Back when analog cell phones were still a thing on the few scanners you couldn't make a trivial modification to enable receiving the cellular frequencies (e.g. switch them into export mode) you could often just tune into some harmonic.

I wonder if truckers still call a lot of phone sex?


In the age of camgirls? I’d doubt it.


Well I really hope people aren't using video erotica while driving!


I was in a courtroom once. The case ahead of us involved a guy who crashed a van while watching "American Pie 2" on a then-illegal in-car entertainment system. Judge's first question: Which scene?


This blogpost is unfortunately barely readable on a small screen, because of the fixed line widths.


He's faithfully captured the 1980s BBS vibe.


Here's what I get. 1980s BBSs didn't have wrapping this bad unless you were quoting.

  To start: yes, long time no see. Well, COVID-19 has been like
  that. Some days I
  feel accomplished if I successfully check my email. I finally
  managed to clear
  out a backlog of an entire handfull of things that needed
  thoughtful responses,
  though, and so here I am, screaming into the void instead of at
  anyone in
  particular.


The requirement that scanners not be easily modifiable to restore the AMPS bands was loosely interpreted. On certain older RadioShack scanners, you could unsolder some diodes on the main logic board and full coverage would be restored.


This is often the case for amateur radio equipment as well - transceivers are configured not to transmit outside the licensed amateur bands, but there is often a simple modification (cut a PCB trace, remove a component, etc) that happens to remove those limitations.

These are often called "MARS mods", since the Military Auxiliary Radio System uses HF frequencies that are outside the amateur allocation.


...And you could use a code on Motorola StarTAC models to listen to these channels very easily. One of my hobbies was to do that when I was waiting for my girlfriend in the car.


Here is a nice image of the Canadian Frequency Allocations

http://canadianspectrumpolicyresearch.org/wp-content/uploads...


I had a weird situation 12 years ago. I got a TV for Christmas. When I set it up it scanned for channels. It picked up channels with decimals in the high range and there were pay movies on but when they finished the channel would go dead. The next day I rescanned the channels because of fuzziness and it picked up new channels with decimals. This time some of the movies were X-rated.

I would rescan daily usually in the evenings and watch what other people paid for. Thursdays and Fridays were good. During the day mostly kids' movies.

In the mornings someone would watch a porn fast forward 10 minutes to one specific part.. slow down the video to play 2 minutes then turn it off. Very funny.

If you are in a building let your TV scan for channels in the evenings. If you see decimal high channels you may have it too.


I have seen the same thing.

The most useful part is we could start an on demand show in the living room that had the only cable box, and find it in the bedroom.


MAN THIS IS THE FASTEST LOADING SITE


it's inlined for performance because putting the CSS in a different file felt like more work.


>not particularly difficult to intercept the call setup process from an AMPS phone and swipe its identification numbers, allowing you to basically steal someone else's cellular service. You can imagine that this was popular with certain criminals with a need for untraceable but convenient communications.

and Kevin Mitnick https://www.cnet.com/news/q-a-kevin-mitnick-from-ham-operato...

"I was cloning my cell phone to random subscribers and dialing into computers from the cell phone."


I had a Bearcat scanner that let you listen to the analog cellular bands. I think you had to use a harmonic frequency. This was probably 1992 or 93. I never heard anything interesting really.


In 1988 I bought a Uniden Bearcat 800XLT, specifically because it didn't lock out cellular frequencies. Listened to lots of (one side of) phone calls.


Could somebody summarize the answer please? I'm trying to decide if it's interesting enough to read, and the first 20 paragraphs suggest not.


I enjoyed it but if you're 20 paragraphs in and bored I doubt you'd find the rest interesting.


I've read plenty of technical papers that have interesting ideas buried in tons of bad prose. Holding the interestingness of the central idea fixed, there is no limit to how boring a writer can make things.

In general, I don't understand why blogs (and HN) are allergic to abstracts.


That's a fascinating story.

I'm curious though -- since the rule no longer has any practical relevance, is it still enforced?

Since it's not particularly likely that Congress would ever get around to updating the law anytime soon... does the FCC still even care? If a hardware manufacturer openly tried to sell a receiver that could tune to those frequencies, would they still be stopped?


Seems we hugged the site to death :(

Here's an archived version: https://web.archive.org/web/20201213003741/https://computer....

EDIT: Seems to be back up.


oops. everything seems fine on my end, but my whole Enterprise Hybrid Cloud is a single pizzabox in a low-rent datacenter that I "fully manage" by running updates when I remember to. I put it on CloudFlare just to be safe and make sure my packets are adequately mixed with pharma spam for transit.


For every new regulation that someone wants to enact, they should be forced to take at least 10 out.

100 years from now we might get down to a meaningful mix of regs. Right now the Code of Federal Regulations (CFR) is like the roach motel - regs check in but never check out :p


Alternatively someone would enact a regulation, and then remove the regulation removal regulation as one of their ten.


And yet you could dial TESTMODE on a StarTAC and listen to any analog channel.

http://www.jax184.com/projects/StarTAC/wireless/testmode.htm...


Heh, I built that site as a StarTAC fan all those years ago, and Jax decided to preserve it when I donated the server hard drives and my box of startacs to him heh... the real limitation with testmode was there was really only about 4 channels you could choose to snoop on, but nonetheless there were still enough AMPS calls in 95-2000 in dense urban areas to be somewhat interesting... heard a couple of "juicy" conversations that also mentioned a phone number - was tempted to freak them out by calling it haha


Why are scanners so damn expensive? You’d think there would be Chinese copycats out there for $50


RTL-SDR can be purchased for ~$15


TL;DR: The Cellular Radiotelephone Service was allocated 824-849 MHz and later 869-894 MHz. That's it.


Thank you.


I assume that frequency band is still reserved, even though it's not used for anything anymore?


Great example of why every regulation should have an implicit sunset.


Is it just me or does the website raise a cipher mismatch error when trying to access it?



