Ask HN: Is anyone working on an open hardware 3G/4G dongle?
153 points by marto1 on Aug 9, 2021 | 39 comments
I just saw this one https://unsigned.io/openmodem/ and was wondering if someone was working on an open hardware 3G/4G USB dongle?



Might be only a bit related, but osmocomBB [1] is a quite complete project that implemented an open baseband library.

It can be installed on a lot of old dumbphones and allows you to create a base station and mobile station. Might help you to understand the inner workings of the network protocol quirks.

Back then it was known to be _the_ project to easily build an IMSI catcher, so its scene got a lot of redteamers using it.

There is also an ongoing effort to reverse engineer the usb modem of the pinephone, but afaik it's still a lot of work. [2]

[1] https://osmocom.org/projects/baseband

[2] https://github.com/Biktorgj/pinephone_modem_sdk


Observer, not participant; but:

It's my understanding that the FCC and equivalents make it almost impossible for there to be open hardware that connects to the phone network. And any cracks they haven't filled, Qualcomm has NDA'd the documentation for.

see https://osmocom.org/projects


Also there are several other companies that have a lock on that thing.

When I worked at QCOM, at one point I had access to the 3G versions. My boss had printed it out. It was about 2 inches thick, single spaced, double sided. Rumor was the 4G one was double that. Then there was the 'chipset'/serial interface, about the same size.

So could you re-write one? Yeah (given the time for it). Never mind the legal tangle that bcom, qcom, marvel, whatever Motorola is these days, Huawei, ZTE, and others have built around it. That would just be the technical part. Then getting it onto a real cell network would take a lot of work. You prob could make your own in an unlicensed band though if you stuck inside the power limits. Title I/II determine what people can and cannot do with the US networks. Think the current thinking is physical connection you can do quite a bit, but radio it is locked down. But I could be wrong.

Have to check that proj out. Looks cool!


I'm no expert in this area, so I'm just going to ask: suppose you implement the entire 4G standard, but alter the used frequencies to a range you can legally transmit on (say, the 2.4GHz or 5.2GHz range), would the technology be different enough that it couldn't be adapted into a real 4G modem by changing the frequency range the device operates at? Is there some inherent technical challenge that makes the technology operate around 1600MHz but not around 2400MHz?

LTE has some advantages over WiFi (i.e. the IoT features, the roaming features, the endpoint management features) so I can see a 2.4GHz LTE network being quite useful in some edge cases. With open technology, private LTE networks can probably serve quite nice business use cases.


Not only is this possible, there is actual spectrum dedicated to this kind of purpose: https://en.wikipedia.org/wiki/Citizens_Broadband_Radio_Servi... though there are a lot of other rules around it (e.g. some slices can be allocated in a given region to a licensed user, but not all of the slices in a region).


You might want to take a look at the table on this Wikipedia page showing the frequency bands where LTE has been deployed: https://en.wikipedia.org/wiki/LTE_frequency_bands

It already ranges from 450MHz to 5.2GHz.


This is not only possible, it's already a thing with unmodified hardware. The 900 MHz band is a ham radio band in the US, but it's used for GSM in Europe. That means that you can quite legitimately set up a GSM base station in the US if you have a ham license, as long as you abide by ham radio regulations (which might require some hacks), e.g. you can't turn on encryption and you need to broadcast your callsign periodically. Then most multiband phones will connect to it thinking it's a European GSM network. I can't find it right now, but I watched a talk where someone described doing just that.

900MHz is also used for LTE in Europe, so I'm pretty sure you could do the same thing with 4G/LTE.


The particular bands the cell providers run in were sold to them by the government (or bought from someone else who got them from the gov). If I remember correctly it was mostly the antenna lengths and what the tuner was set to for the chipsets (some being fixed, some being more SDR). Some bought those particular bands because they tend to penetrate buildings better than others.

But yeah if you could keep inside the power levels, and stay in the unlicensed bands, and keep out of trouble with the patent courts you probably could make an LTE network. I would not be surprised if many of the chipsets already could do it. Power levels would be your biggest hurdle for something more than a test network.


No, that is completely possible. I have worked on a project where we ran mostly standard LTE hardware in the ISM band (2.4 G) and it worked fine.


> the FCC and equivalents make it almost impossible for there to be open hardware that connects to the phone network

How?


FCC has issued guidance for manufacturers to protect against modifications that would break FCC rules. The easiest way to do that is to have a closed-source baseband firmware.

https://prplfoundation.org/fcc-open-source-router-software-i...


It depends what you mean by 'closed-source'. Yes it's probably impossible to certify a radio baseband that anyone can hack on. It would be possible to manufacture a radio baseband for which all the source code was public and anyone could verify that that source code was running.


There is no legal requirement to close the baseband off. They tried to close off routers in the same way and got pushback.


Open hardware means that people can be their own manufacturer.

There are lots of places that will make PCBs for you, and sell you the parts to solder together.


Sometimes it's easier to ask for forgiveness than permission.


Something tells me you might have a difficult time convincing say Qualcomm with just that reasoning.


You could conceivably reverse-engineer the hardware if you got the support of places like MIT, and then it's fair game from there.


But most of the time Qualcomm, Broadcom and the others have an army of lawyers and an absurd amount of money to burn to ensure that your project, life and general existence is ruined, just to protect their bottom line.


Asking might come with a large fine if 911 service is interrupted.


A fine might actually be lower cost than losing freedom to binary blobs, so there's that.


The standards themselves are freely available (and extremely difficult to understand) --- just search for 3GPP --- but I think the main problem is spectrum licensing and transmitter approval.


Don't the phone companies have a veto over what they let attach to their networks?


That has to do with IMEI, and with most baseband software, the IMEI can be whatever you want.


Thanks government!


Depends how open you mean. For a lot of hobbyists and integrators, this works:

https://github.com/hologram-io/nova-hardware

And run this on a Pi:

https://github.com/hologram-io/hologram-python

If you need something one layer deeper on the module or chipset level, there’s not really a lot out there.


That actually looks pretty cool. I'll check it out. Thanks!


The most mature (4G/5G) project would probably be https://github.com/srsran Couple it with a LimeSDR and you'd have a fully open HW/SW stack.


Not exactly a dongle but something like this?

https://bellard.org/lte/


Him again!


Ha! I actually read about this a few years ago, but this is an entire base station :-)


One could be made with the PinePhone modem. I believe it's running a version of Android and people are working on reverse engineering it right now. The chip is a little big for a dongle so you'd end up with something kinda like the OpenModem in your link there.


Some impressive work is indeed being done here on the PinePhone modem: https://github.com/Biktorgj/pinephone_modem_sdk/ (firmware replacement, with a re-implementation of many blobs and a mainline Linux kernel. I tried it and everything seems to work, however the sound is a bit low by default (this can be configured) and the modem is slow to boot.)


"Introduction to open source private LTE and 5G networks" might have some pointers: https://ubuntu.com/blog/introduction-to-open-source-private-...

discussion: https://news.ycombinator.com/item?id=27946947


If the baseband and associate chipsets are isolated on the other side of a USB connection, why not use (any old dongle) and isolate it with some kind of USB "condom" with configurable "firewalling" ?

In fact, I believe I have seen such devices for USB development - a configurable passthrough USB interface that would allow you to control what gets sent over the interface.

That kind of a setup would be much, much easier to develop and safeguard than developing a modem/baseband from the ground up ...


Just curious, what would the advantage of having an "Open 4G USB Dongle" be ? Why not just get a Ublox or similar module ? Even if it's open you still have to pay usage on the carrier's network.


That's going to be a very long list, but off the top of my head:

1. Much easier repairs since all schematics are known in advance.

2. Price. A lot of the price of the modems comes from licensing fees as others have already noted.

3. Integration. Directly embedding the PCB into your project will be much, much easier.

4. Collaboration. Working together in projects that utilize 4G becomes easier too. Many use cases might get revealed without the original creators intending for them.

5. Security. "More eyeballs on a line of code make bugs run away" and all that jazz.

Only disadvantage might be that reverse engineering people might get bored not having enough things to RE :-)


Gotcha,

Although a 4G module like a u-blox is pretty easy to throw on a PCB, most of those things are just a couple of chips inside, so it just seems like there's not a lot of repairs other than just swapping out the module. I've seen those modules in the $20 range; seems like a lot of work to get around the licensing fees on a $20 module?


This was posted a little while ago, and might interest you: https://news.ycombinator.com/item?id=28051005

https://blues.io/products/


I thought that board looked interesting. Looks like a $50 cellular board, includes 500MB of data over 10 years (though with missing fine print according to the HN thread). Might not be a terrible board to design around. Though adding it to your BOM will make your final retail cost on the order of $450.

Some creative googling got me this, for a different starting point. Looks like it might be a useful project writeup dealing with SDR and connecting to some cellular sources.

https://www.blackhillsinfosec.com/intro-to-software-defined-...

I'm not sure how common open SDR hardware is, though some forum threads seem to suggest the Hackrf schematics are here, and are meant to be replicated:

https://github.com/mossmann/hackrf

I think one of the big problems is ultimately going to be dealing with phone companies. I think that will ultimately stymie any open efforts in this space, since at the end of the day, you need someone to accept your cellular traffic.



