privateline.com logo: Welcome to my site!

Privateline.com: Manual Test Mode
Google
The Web Privateline.com

 
SITE MENU
HOME PAGE
Old Home Page
Advertise here
Cell Phone Plans
Cell Phone Basics
Clip Art/Images
Contact Me!
Daily Notes
Digital Basics
Telecom History
Links
Miscellany
Telecom News
Website Docs
Wired Telecom
Wireless Pages
Writers

Sub-Menu
Cellular Basics Series

I Introduction

II Cellular History

lII Cell and SectorTerminology

IV Basic Theory and Operation

V Cellular frequency and channel discussion

VI. Channel Names and Functions

VII. AMPS Call Processing

A. Registration

B. Pages: Getting a Call

C. The SAT, Dial Tone, and Blank and Burst

D. Origination -- Making a call

E. Precall Validation

VIII. AMPS and Digital Systems compared

IX. Code Division Multiple Access -- IS-95

A. Before We Begin -- A Cellular Radio Review

B.Back to the CDMA Discussion

C. A Summary of CDMA -- Another transmission technique

D. A different way to share a channel

E. Synchronization

F. What Every Radio System Must Consider

G. CDMA Benefits

H. Call Processing -- A Few Details

X. Appendix

A. AMPS Call Processing Diagram

B. Land Mobile or IMTS

C. Early Bell System Overview of Amps

D. Link to Professor R.C. Levine's .pdf file introducing cellular. (100 pages, 374K)

Reserved

Reserved

 
WiWTEST MODE

Manual Test Mode for Analog Cellular Telephones

by Damien Thorn

Need program codes for a phone not listed here? Try this great resource: http://www.google.com to search the USENET. Select "Groups" from their home page. Enter your make or model and its number into their search engine; you might find what you are looking for.

Almost every modern cellular phone contains a secret diagnostic mode with a number of test commands that are intended to assist technicians with service procedures. As more has become known about these tools, a growing number of people are finding that their cellular phone will allow them to monitor the cellular conversations of other people.

Intercepting cellular calls using the phone itself is a neat trick, and has been demonstrated before congressional subcommittees and vaguely described in many magazines and newspapers as an intriguing new development on the cellular frontier. The interesting fact is that cellular-capable scanning receivers are now illegal. Although Congress has outlawed the manufacture and import of scanners covering the cellular band, cellular phones themselves continue to be manufactured with this hidden feature.

CELLULAR SCANNING

The ability to unmute the speaker in a cellular phone to hear the audio being received, and the ability to load the transceiver's frequency synthesizer with a given cellular channel seems to be considered the "coolest" function available in debug mode. These are the two commands which essentially allow a phone to become a cellular-capable receiver, a manual scanner of sorts.

Although illegal to manufacture or import cellular-capable radios, it is perfectly legal for us to own such devices. There is nothing inherently illegal in using a cellular phone to monitor cellular frequencies when such monitoring is consistent with the provisions of the Electronic Communications Privacy Act (ECPA) of 1986. When employing these modes for purposes other than testing, avoid "intercepting" calls without the consent of at least one party to the conversation, or you will violate this sacred statute and be subject to arrest by the FBI.

The intent of this article is to educate the private line reader about the illusion of privacy created with cellular phones and highlight the paradox of the scanner ban. In doing so, we'll document some of the phones available with these command sets tucked neatly away in their software sub-basement.

Although the information that follows is limited to the commands required to activate the audio section and program given frequencies into the receiver, these are by no means the only test functions available. Since the Oki-900 cellular phone is so popular with hackers, we've included a list of the well known diagnostic commands. This list is reprinted from my article, "Secrets of the Oki 900" as published in the December, 1993 issue of Nuts & Volts Magazine.

Aside from the infamous Oki, Motorola is the other manufacturer that includes a fairly nifty set of diagnostic commands in their cellular transceivers. A complete list of Motorola test mode commands accompanies this article, along with a description and photos of the process required to place Mother M's cell phones in test mode. Many of the Motorola test mode functions are present in phones manufactured by other vendors, and may thus be viewed as a test mode archetype when ferreting out the secrets of your particular brand.

TEST MODE BASICS

The test and diagnostic modes available in cellular transceivers occurred by design and were deliberately written into the code, or computer program, that operates the phone's electronics. While some writers have expressed the opinion that these commands may have been inserted by hackers on the programming team designing such software, this is simply urban mythology.

From the beginning -- before handset programmability was introduced -- most cellular phones could be manually controlled. Back in these early days, the mobile telephone number (MIN) and other parameters had to be burned directly to an EPROM with an external programmer. This chip was known as the numeric assignment module or "NAM". Once programmed, the chip was socketed inside the phone. The format of the data contained within this chip pretty much adhered to an industry-defined standard.

Another industry-defined protocol of the period was the AMPS, or Advanced Mobile Phone Service standard detailing the interface and cabling between the transceiver unit (which was usually mounted in the trunk of a vehicle) and the control head located in the passenger compartment.

Such interconnection was accomplished with a rather thick cable adhering to the AMPS spec as promulgated by Bell Labs prior to divestiture and the court-ordered breakup of the Bell System monopoly. The old AMPS standard also included provisions for manual testing of various subsystems within the phone to diagnose problems or align audio and RF sections. Such testing was accomplished with a specially designed interface box and computer software, using a bulky cable and various adapters for different transceivers. During these initial years, there weren't that many cellular hardware manufacturers, and to give you a better feel for how Jurassic this equipment was by today's one of the more popular test mode . . .

 

[NEXT PAGE-->]

privateline.com logo http://www.privateline.com: West Sacramento, California, USA. A Tom Farley production

 

 

  
Sponsor


Sponsor
Aslan logo
Aslan Technologies
Link to Aslan

Sponsor

Reserved