Hacker News new | past | comments | ask | show | jobs | submit login
DIY Cellphone (mit.edu)
104 points by shawndumas on Nov 28, 2013 | hide | past | web | favorite | 23 comments

What I criticize is that the GSM modem on the Arduino GSM shield (Quectel M10) comes with no open firmware for this baseband processor - thus it's owned by your mobile network provider since he can update the firmware silently. See https://news.ycombinator.com/item?id=6722292 for a more detailed discussion about that topic from about two weeks ago.

If someone would sell / kickstart a completely open GSM (or what cell phones use nowadays) module, I would be tempted to buy it. Not that I have much use for it ;-)

It shouldn't be that hard. A million dollars, a few people who know about RF hardware, and the (possibly leaked) GSM specs should be enough.

There might be some trouble with encryption / carrier's private keys, but I think that shouldn't be an issue, since a multiband GSM phone works with every strange operator in every remote country, as long as the frequency is supported.

Some cool applications for a really free GSM from the top of my head:

- Virtual SIMS, you only use the data from the SIM, not the physical card to login. (Might be tricky because the SIM protects its information. If you don't want to resort to attacks ala chip shaving and electron microscopes to get the keys, you might just setup a simless private network with a DIY SIM tower (that already exist, AFAIK), as a kind of proof-of-concept.)

- You can see when you recieve a silent SMS ("type 0"), that authorities use to ping your phone to trace you. You can also send them.

- You can record audio from and play it to the phone, which is not possible in most consumer phones

- You can implement hardware encryption (which is tricky for voice, since GSM uses psychoaccoustical compression techniques that might not work on a encrypted stream - nevertheless this is a solved problem and there should be papers on this)

- You would find a bunch of security holes in the network, since its been relying on obscurity and trusted devices for so long.

- You could have a phone that's bottom to top trusted and open-source.

There is an open GSM client stack in OsmocomBB: http://bb.osmocom.org/trac/wiki/Software/GettingStarted It only works with certain baseband chips though, but has already been used to crack the A5/1 GSM crypto: http://www.youtube.com/watch?v=ZrbatnnRxFc

Many of the other things you mention can already be done by using off the shelf GSM baseband chips, since they don't necessarily do much access control of what gets sent.

I don't think the firmware for that module is open source, which is what he wanted.

One problem is that there simply arn't anyone creating baseband chips which are "open". The closest thing is osmocom-bb, avaalable only for one (very old) chipset(which they had to reverse-engineered, with a big thanks to leaked documents on dodgy chinese websites).

Another other issue is the carriers want the baseband chisets and protocol stacks certified before allowing it on their network.

Would a mobile network provider allow an open firmware to connect to their network?

Personally, I think it could be OK as long as the processor is contained (i.e., no open access to the main memory, reliable mechanism for fully shutting it down, etc).

"Would a mobile network provider allow an open firmware to connect to their network?"

They would likely not be happy about it. I assume it would be something like the relationship between tivo and people running hacked tivos ... a cat and mouse game that a bit of effort can keep you ahead of.

BUT, instead of trying to bake up a ground-up open firmware, which would be wonderful but VERY difficult, better to just pick an existing firmware, like osmocom did with the (very old) calypso chipset. You would pick a firmware with very wide market penetration so that it is easy to get handsets, and then try to pick one that was easy to hack.

So ... whatever very widely adopted firmware has the most holes in it.

I don't think they would really care unless you (or many others) started disrupting the network or abusing their services. Unlike Cable TV companies, network operators don't generally have a revenue stream that must be protected by locking down what you can do with the baseband. Whatever traffic filtering they do to keep Skype etc. out is done in the network.

it's owned by your mobile network provider since he can update the firmware silently

Hardly unprecedented. Cable modems work the same way. It seems to make good sense to me; the provider is responsible for the performance of the network, and the client interface is a part of that network.

I saw David speak at OHS, and this project was more about building something cool and differently than trying to be open source and part of the Free/Libre movement.

If all of the phone components/hardware came in a ready to build box, I would definitely follow the instructions and give this a shot. Otherwise, looks like a lot of overhead just trying to gather all the parts together. Cool nonetheless.

I've tried to source the components using as few vendors as possible (currently DigiKey, SparkFun, and Arduino, plus ordering the PCB) but it's definitely more work than just buying a kit. I'm working on a better solution but it's probably a ways off.

Not sure about DK/SF, but Mouser lets you make public project BOM lists so users can just one click and purchase all the components.

I went to a workshop where David Mellis provided the components and walked everyone through constructing this (he works in the MIT Media Lab, so the laser cut wood was also done using their equipment).

The interesting thing was that several other people at the workshop were very gung-ho about how building their own phone in this way makes them in some way free from oppressive phone manufacturers. This didn't really strike me as quite correct given this is mostly just assembling parts from similar manufacturers.

Make the circuit board smaller and shove it in a gutted old phone - now you have open source phone, unrootable and not suspicious.

Edit: sorry, wolfgke informed us that still we can't have the cake.

Two things:

1. In a sea of people carrying iPhones and/or other various touchscreen smart phones, the minority of people using any kind of alternative seem to possess minscule flip phones with full-color displays. I haven't seen a candy bar phone in ages, unless it happens to be some venerable variety of nigh-defunct BlackBerry. I can't imagine this kit being resized down to a scale that would ever fit into what might be regarded as "common", especially since DIY kits need to be produced with parts big enough to man-handle, lest they risk total obscurity. No DIY kit will ever be successful if the parts involved are small enough to warrant a jewler's or watch maker's precision. Would you sell the kit with a loupe and tweezers?

2. Why should an unorthodox handset be suspicious? I guess it depends on the country one might live in? Also passing through customs and airport security, I guess?

I haven't seen a candy bar phone in ages

I still use a candy bar Samsung with a slide-out keyboard.

But is your phone large enough to accomodate easy-assemble-DIY parts?

Do you think it would be possible to gut the phone, and replace it with your own home-brew parts? Would the slide-out keyboard be likely to integrate into whatever DIY parts you select?

I use a Nokia monochrome candy phone!! (so what if i have a Samsung Galaxy Tab 3 as well?)

Though now that Nokia got sold, i have a relic!

Actually more interested in a DIY calculator. The milled enclosure by Yoav Sterman looks realy great.

I will make one. Oh yes, I will.

In fact, I switched from Verizon to T-Mobile after a decade just so I could have a GSM phone. Haven't gotten the pieces together yet, but I'm so down with this because I totally want a wooden phone.

And all the hipsters will squeal with jealousy.

Or spend $200 on a mid range Android or Nokia..

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact