EFF: Rayhunter
7 comments
· March 6, 2025
derac
I can see why they'd write it for a specific cheap device. Is this stuff possible with a typical phone modem, though; or does it rely on some special features? Forgive my ignorance. :)
bri3d
Possible, yes, it's just looking at various 3GPP network messages and parsing out a few common anomalies. Accessible, not all the time.
This project uses QMDL (Qualcomm debug logging) on a device with an accessible modem debug port and debug logging enabled. Most older Qualcomm devices have this form of debug logging available by default, but on newer devices, the debug interface is usually more locked down, requiring some degree of shenanigans to access.
Take a look at SnoopSnitch (similar project for Qualcomm Android phones), QCSuper and MobileInsight (tools capable of capturing signaling data from QC and Mediatek phones), and SCAT (capable of capturing signaling data from some Samsung basebands).
Other vendors usually have similar debug modes for their modems, but they often aren't reverse engineered or as easy to access as the Qualcomm ones.
edm0nd
You can buy these off eBay for pretty cheap.
Unlocked RC400L's are going for ~$19.99
Gunna look into getting one and making one of these to play with.
How would one test this device to know that it works? It would seem actual cell site simulators would be rare in the wild for many HN readers.