2008
Hashemite University
Electrical Engineering Department
MOBILE PHONE INTELLIGENT JAMMING SYSTEM
PROJECT NO.8
Supervised by:
Dr. Jalal Chebil
Done by:
Abdul Karim Al sbeeh
Asa’d Naim
Ahmad Hussan
Ayman Samier
Final Report
Acknowledgment
The project “Mobile Phone Intelligent Jamming System” would not have been completed without the funds and support from KADDB/KAFD, which provided the total budget required to complete this project. Thanks to our University and our supervisor Dr. Jalel Chebil, who provided the scientific base and supervision.
There are other people we want to thank who had a big role in this project:
Eng. Dwi graduated from Gadjah Mada University of Jogjakarta, majoring in Electronics Engineering; we want to thank Mr. Dwi for providing our project with its main feature, the detection of the controller channel. Eng. Yazan Qutishat is an RF engineer at UMNIAH company; I (Abdul Karem Sbeeh) want to thank my supervisor Eng. Yazan for giving me excellent training in GSM network planning and optimization for two months at UMNIAH company. Thanks also to Dr. Abdul Karem Bayati for his instructive and useful suggestions. Special thanks to our teachers Dr. Ahmad Manasreiah, Dr. Omar Sarairah and Eng. Emad/KADDB, who provided us with high morals, every encouragement and useful suggestions. We also need to thank Dr. Nihad Dib at JUST University, from whose extensive experience in the field of RF design and microstrip we benefited.
Abstract
Dependence on mobile networks is worldwide. With the success and growth of mobile networks, the ringing of mobile phones has become troublesome and annoying, especially in places where silence is required such as mosques, university lecture rooms, libraries, concert halls, meeting rooms etc. This project will solve this problem by using an intelligent jamming device capable of preventing cell phones from operating within a restricted area. This project explains the concept of mobile jamming and explores jamming in the two popular mobile networks: Global System for Mobile communication (GSM) and digital cellular network (DCS). The intelligent jamming system is designed to block only the controller channel, and to operate only if there is an active mobile in the restricted area. The mobile jamming system is analyzed and simulated using the Agilent Advanced Design System (ADS) software package.
Table of Contents
1. CHAPTER 1 INTRODUCTION
1.1 Objectives
1.2 Importance
1.3 Report Outline
2. CHAPTER 2: GSM/DCS MOBILE COMMUNICATION SYSTEM
2.1 Introduction To Mobile Telephone Systems
2.2 GSM Architecture
2.2.1 Mobile Switching Center
2.2.2 Base Station Center
2.2.3 BTS Architecture
2.3 Types of Channels
2.4 Power Level Transmitted and Sensitivity
2.5 Frequency Bands
2.6 Frequency Hopping System
3. CHAPTER 3: JAMMING TECHNIQUES
3.1 Jamming Strategies
3.1.1 Noise Strategies
3.1.2 Phase Strategies
3.2 Jamming Techniques
3.2.1 Noise Jamming
3.2.2 Tone Jamming
3.2.3 Swept Jamming
3.2.4 Pulse Jamming
3.2.5 Follower Jamming
3.2.6 Smart Jamming
4. CHAPTER 4: ELECTRONIC CIRCUITS IMPLEMENTATION
4.1 Methodology
4.2 Mobile Detector
4.3 IF Stage
4.3.1 Triangular Wave Generator
4.3.2 Noise Generator
4.3.3 Mixer
4.3.4 Voltage Control Oscillator
4.4 RF Stage
4.4.1 Synthesizer
4.4.2 IQ Modulator
4.4.3 Power Splitter
4.4.4 Power Amplifier
4.4.5 Antennas
4.5 PC Boards Layouts
4.6 Power Supply
5. CHAPTER 5: TEMS POCKET AND PC SOFTWARE
5.1 TEMS Pocket
5.2 Synthesizer Software
6. CHAPTER 6: PIC MICROCONTROLLER AND COMPUTER PORTS
6.1 The PIC Microcontroller
6.1.1 PIC Families
6.1.2 PIC Pin Mapping
6.1.3 Synthesizer-Mobile Detector Controlling System
6.2 Computer Ports Interfacing
6.2.1 Parallel Ports
7. CHAPTER 7: CONCLUSIONS AND FUTURE RECOMMENDATIONS
REFERENCES
APPENDIX A
APPENDIX B
APPENDIX C
APPENDIX D
List of Figures
Figure 2.1: GSM Architecture
Figure 2.2: TDMA Technology
Figure 2.3: General BTS Contain 3 TRX’s
Figure 3.1: Jamming Techniques
Figure 3.2: General Block Diagram for Intelligent Jamming System
Figure 4.1: Mobile Phone Intelligent Jamming System Block Diagram
Figure 4.2: Mobile Detector
Figure 4.3: Triangular Wave Generator
Figure 4.4: Square Wave from Point A
Figure 4.5: Triangular Wave from Point B
Figure 4.6: Practical Triangle Signal
Figure 4.7: Noise Oscillator
Figure 4.8: Amplifier Stages to Amplify the Noise
Figure 4.9: Output Noise Waveform
Figure 4.10: Practical Output Noise
Figure 4.11: TL082 J-FET OPAMP
Figure 4.12: OPAMP Mixer
Figure 4.13: Practical Mixed Waveform
Figure 4.14: Basic Oscillator
Figure 4.15: MAX038 Function Generator
Figure 4.16: MAX038 Voltage Controlled Oscillator
Figure 4.17: Transient Simulation for Voltage Controlled Oscillator Output
Figure 4.18: Practical VCO Output Waveform
Figure 4.19: (AD4156) Sigma-Delta Fractional-N Synthesizer
Figure 4.20: ADF4157 Frequency Synthesizer
Figure 4.21: EVAL KIT for Synthesizer
Figure 4.22: RF Mixer
Figure 4.23: Wilkinson Power Splitter
Chapter 1
INTRODUCTION
The last few years have witnessed a dramatic boom in the wireless communications industry, which has increased the number of mobile users. This evolution of communication gives numerous advantages and conveniences to mobile users; however, the ringing of mobile phones becomes troublesome and annoying, especially in places where silence is required such as mosques, university lecture rooms, libraries, concert halls, meeting rooms etc. This project will solve this problem by using an intelligent jamming device capable of preventing cell phones from operating within a restricted area in Jordan.
Communication jamming devices were first developed and used by military forces to prevent successful transport of information between enemy forces. Nowadays, mobile jammer devices are becoming civilian products rather than military devices. There are two major types of jammers: non-intelligent and intelligent jammers. The non-intelligent jammer is used in a restricted area and is designed to block all mobile phones operating in certain frequency bands, such as the downlink frequency band of the Global System for Mobile communication. This type of jammer is not fit for civilian use and especially for military applications, because it blocks all mobile phones present in the restricted area. In addition, the system transmits jamming signals whether there is a mobile user in the restricted area or not. Moreover, the non-intelligent system jams the whole downlink frequency band even though the intruder mobile phone uses only a small portion of the band.
The intelligent jammer was developed to solve the problems that appear in non-intelligent jammers; therefore this jammer is the most powerful jamming system that can be used by civilians. The intelligent jammer normally works as a detector. When it detects signaling from the base station to the mobile station, it signals the base station not to establish a communication. This process of detection and interruption of call establishment is done during the interval normally reserved for signaling and handshaking.
1.1 Objectives
The objectives of the project are to design and build an intelligent mobile phone jammer that fulfills the following requirements:
A. It is capable of selecting and jamming the controller channel in the restricted area.
B. It has an intelligent controller that controls all operations of the jamming system.
C. It consumes less power than non-intelligent jammers.
D. It is designed to cover an area of 20 m radius.
1.2 Importance
The intelligent mobile phone jammer helps us to silence all mobile phones in quiet areas and thus enforce respect for people’s privacy.
Some countries prohibit the use of jamming systems in civilian places because they radiate jamming signals at all times, which may affect human health. The proposed intelligent system solves this problem with a mobile detector that decides whether there is a mobile around or not, so that the jamming system works only during calls.
The system is designed to block only the controller channel, not the whole spectrum as non-intelligent jammers do.
1.3 Report Outline
This report is divided into seven chapters. Chapter 2 explains the main structure of the GSM/DCS network related to the air interface: the base transmission station (BTS) and base station center (BSC). The disabling of the mobile communication systems (GSM, DCS) is done using jamming techniques, which are explained in chapter 3. Electronic circuits and the power supply are designed and simulated using the Advanced Design System (ADS) software package; these details are shown in chapter 4. The main feature of this project is to select only the controller channel and block only it; the technique for identifying this channel is explained in chapter 5. The intelligent jamming system has an intelligent controller system consisting of a PIC microcontroller and interfacing ports; these details can be seen in chapter 6. Finally, the conclusion and future recommendations are given in chapter 7.
Chapter 2
GSM/DCS MOBILE COMMUNICATION SYSTEMS
2.1 Introduction To Mobile Telephone Systems
The key technologies used in cellular mobile radio include cellular frequency reuse¹. Analog cellular (1st generation) includes the Advanced Mobile Phone Service (AMPS), which was the original analog cellular system in the United States. The frequency bands for the AMPS system are 824 MHz to 849 MHz (uplink) and 869 MHz to 894 MHz (downlink). After that, also in the first generation, the Total Access Communication System (TACS) was deployed; it differs from AMPS in radio channel frequency bandwidth. Then the 2nd generation was implemented; it includes the Global System for Mobile Communication (GSM), which is explained in detail later in this chapter, and in the same generation the North American TDMA (IS-136 TDMA) and Code Division Multiple Access (CDMA) were deployed. The development of the 2nd generation appeared in packet-based digital radio (2.5 generation), which includes General Packet Radio Service (GPRS) and Enhanced Data Rates for Global Evolution (EDGE). Finally, CDMA2000 and Wideband Code Division Multiple Access (WCDMA) are included in the 3rd generation [1].
In Jordan, there are two types of GSM, GSM-900 and GSM-1800; the first is used by the Zain and Orange companies, and the second is used by UMNIAH company. The second system is also called the digital cellular network system (DCS), so this project focuses only on GSM and DCS systems to design our intelligent jamming system.
¹ To conserve the limited amount of radio spectrum (maximum number of available radio channels), the cellular system concept was developed. Cellular systems allow reuse of the same channel frequencies many times within a geographic coverage area [1].
This chapter covers the GSM architecture, types of channels, power sensitivity and frequency bands of the GSM/DCS systems, and also the hopping system.
2.2 GSM Architecture
GSM provides voice and data communication throughout a wide geographic area. GSM systems divide large geographic areas such as Jordan into small radio areas (cells) that are interconnected with each other (microwave connection). Each cell coverage area has one or several TRXs that communicate with mobile telephones within its coverage area.
2.2.1 Base Station Center (BSC)
Figure 2.1 shows the architecture of the GSM network. The BSC is the center of different Base Transceiver Stations (BTSs). The main functions of the BSC are to [2]:
• control the handover between its BTSs.
• switch traffic and signaling to/from the BTSs and MSC.
• manage the interconnection between BTSs and MSC.
Figure 2.1: GSM Architecture
[Figure 2.3 diagram: TRX0, TRX1 and TRX2, with timeslots labelled BCCH, SDCCH and TCH, each TRX connected to an antenna]
Figure 2.3: General BTS containing 3 TRXs
2.3 Types of Channels:
There are two types of channels: logical and controller channels.
I. Logical Channels (TCH and PDCH):
The Traffic Channel (TCH) is used for traffic calls and the Packet Data Channel (PDCH) is used to transfer data. Each TCH works in either Full Rate or Half Rate mode using (Full rate transcending) [2].
II. Controller Channels (SDCCH and BCCH):
A. BCCH: The Broadcast Control Channels are downlink only (BSS to MS) [3].
B. SDCCH (stand-alone control channel): sends the immediate assignment to the mobile station to complete the call setup procedure [3].
2.4 Power Level Transmitted and Sensitivity:
The power transmitted from the antenna on the tower is -47 dBm as a downlink signal. The minimum power required for a mobile to connect with its BTS is -110 dBm, and it differs from mobile to mobile due to the different sensitivity of different mobiles' antennas.
2.5 Frequency Bands
Table 2.1 contains the frequency bands for GSM and DCS systems. To avoid fractional frequency values, mobile communication companies use the absolute radio frequency channel number (ARFCN) to define the uplink and downlink frequencies at the same time (see Appendix B).
Table 2.1: GSM systems Frequencies
GSM system                Uplink frequency band    Downlink frequency band
GSM 900                   890 - 915 MHz            935 - 960 MHz
GSM 900 Extended Band     880 - 915 MHz            925 - 960 MHz
DCS 1800²                 1710 - 1785 MHz          1805 - 1880 MHz
2.6 Frequency Hopping System:
Before explaining this technology, note that the mobile changes its tuned frequency for the following reasons:
1. The transmitted power level: it searches for the frequency that has maximum power.
2. Interference: it searches for the frequency that has minimum interference.
² DCS1800: digital cellular network at 1800 MHz
Chapter 3
JAMMING TECHNIQUES
After the background information on GSM/DCS systems, it makes sense to cover the methods used to jam communication systems. In general, jamming is successful when the jamming signal denies the communication process. This chapter describes these methods (jamming techniques) in detail; they are based on two basic ideas: noise mixing and phase changing to obstruct and block the original signal.
3.1 Jamming Strategies:
3.1.1 Noise Strategies:
The main idea here is to insert additional noise into receivers, which prevents them from getting the correct information from the received signal. Almost all the techniques discussed later depend on these strategies [5].
3.1.2 Phase Strategies:
The main idea is to change the phase of signals, so that receivers that rely on this phase cannot receive the signal in the correct phase.
3.2 Jamming Techniques
3.2.1 Noise Jamming:
The carrier signal is modulated with noise to insert noise into the receiver. In this way the jammer can emit multiple tones; usually, the placement of these tones is based on some knowledge of the target or targets to be jammed. Noise is used to raise the background noise in the spectrum in which the target system is operating. The bandwidth of the signal can be as wide as the entire spectrum width used by the target system or much narrower, occupying only a single channel. These choices give the following kinds of noise jamming [5].
3.2.1.1 Broadband Noise (BBN) Jamming:
Broadband noise (BBN) jamming places noise energy across the entire width of the frequency spectrum used by the target system radios. It is also called full-band or barrage jamming. This type of jamming is useful against all forms of target system communications. It is generally useful for covering an area for screening purposes as well [5].
The limitation of this jamming is that it results in low Jo (jamming signal power), and this low power is spread very wide. BBN can affect synchronization, as in fast frequency hopping (FHSS), which typically needs to resynchronize on every transmission attempt [5].
Synchronization consists of aligning the time epoch of the transmitter at the receiver and aligning the PN code sequence. The latter causes the receiver to hop to the same frequencies as the transmitter, while the former ensures that these hops occur at the same time. If the receiver is precluded from synchronizing with the transmitter, then communication is denied. BBN jamming raises the background noise levels and can be used to attack the synchronization process. A possible BBN jamming spectrum is shown in Figure 3.1 (b).
3.2.1.2 Partial‐Band Noise (PBN) Jamming:
PBN jamming places noise-jamming energy across multiple, but not all, channels in the spectrum used by the targets [5]. These channels may or may not be contiguous. Possible PBN jamming spectra are shown in Figure 3.1 (c, d).
3.2.1.3 Narrowband Noise (NBN) Jamming:
NBN jamming places all the jamming energy in a single channel. The bandwidth of this energy injection could be the whole width of the channel, or it could be only the data signal width or the complementary signal width [5].
A possible NBN jamming spectrum is shown in Figure 3.1 (e).
3.2.2 Tone Jamming:
In tone jamming, one or more jammer tones are strategically placed in the spectrum. Where they are placed and their number affect the jamming performance. There are two types of tone jamming [5]:
A. Single-tone jamming, where a single tone is placed where it is needed.
B. Multi-tone jamming, which distributes the jammer power among several tones.
The phase of the jammer tone relative to the target signal can be an important parameter. A single-tone jamming signal will be either at the mark or at the space frequency. If it is at the mark frequency, the phase can present a problem when the jammer tone is sufficiently out of phase with the symbol signal. If it is at the space frequency, then if the JSR is large enough the symbol is jammed independent of the phase relationship [5].
It should also be mentioned that single tone is suitable for direct sequence spread spectrum (DSS), but not for frequency-changing systems like FHSS; multi-tone jamming, however, can deal with FHSS. A possible single-tone jamming spectrum is shown in Figure 3.1 (f) and multi-tone (MT) in (g).
3.2.3 Swept Jamming:
In swept jamming, a relatively narrowband signal, which could be as narrow as a tone but is more often a PBN signal, is swept or scanned in time across the frequency band of interest. At any instant in time, the jammer is centered on a narrow region around this frequency. However, since the signal is swept, a broad range of frequencies can be jammed in a short period. When implemented digitally, for example, the jammer may spend 100 µs at any one frequency before moving on to the next band to be jammed. Normally these bands would be consecutive but need not be; the bands could actually be selected randomly, with a digital synthesizer generating the jamming waveform. In this way, this jammer could cover the whole 30 to 90 MHz band in about 240 ms; here the full power of the jammer is employed at each dwell bandwidth. It is possible to avoid certain bands that might be in use by friendly forces. This is true only when the timing is tailored to the target receiver so that the jamming signal is present at the receiver for an adequate dwell time. By sweeping the jamming waveform over a whole range of spectrum, the jammer is sure to jam the entire set of hop frequencies. Timing is important here: the sweeping must be fast enough so that the whole band is covered in a sufficiently short period, or hops will occur for which no jamming signal is present. For example, to cover the 60 MHz in the low VHF range 10 times per second requires a sweep rate of 600 MHz per second [5].
3.2.4 Pulse Jamming:
This technique is similar in concept to partial-band noise jamming. Pulse jamming can have lower average power than some of the other jamming techniques discussed here, and be just as effective. The duty cycle determines the relationship between the average power and peak power. The jamming effects depend on the peak power and how often that signal returns to the receiver [5].
3.2.5 Follower Jamming:
This jammer attempts to locate the frequency to which the frequency-hopping transmitter has moved, to identify the signal as the one of interest (the target), and to jam at the new frequency. This jamming waveform could be in the form of tones, or it could modulate the tones with, say, noise using FM modulation. Follower jamming is also referred to as responsive jamming, repeater jamming, and repeater back jamming [5].
[Figure 3.1 panels (a) to (g): amplitude versus frequency spectra]
Figure 3.1: (a) channelized spectrum, (b) full-band jamming, (c) contiguous partial-band jamming, (d) non-contiguous partial-band jamming, (e) narrowband noise jamming, (f) single-tone jamming, and (g) MT jamming
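The spectrum patterns of Figure 3.1 can also be read from the monitoring side. The following is an added example, not part of the original report, that labels per-channel power measurements with the pattern they match; the channel count, baseline levels, 10 dB margin and all function names are assumptions.

```python
from collections import Counter

# Labels refer to the panels of Figure 3.1 in the report.
CLEAR = "clear"
FULL_BAND = "full-band (b)"
CONTIGUOUS_PBN = "contiguous partial-band (c)"
NONCONTIGUOUS = "non-contiguous partial-band or multi-tone (d/g)"
SINGLE_CHANNEL = "narrowband noise or single tone (e/f)"
SWEPT = "swept"

# Assumed detection margin: a channel counts as raised when its measured
# power exceeds the clean baseline by at least this many dB.
MARGIN_DB = 10.0


def raised_channels(baseline_dbm, measured_dbm, margin_db=MARGIN_DB):
    """Return sorted indices of channels whose power rose by >= margin_db."""
    if len(baseline_dbm) != len(measured_dbm):
        raise ValueError("baseline and measurement must cover the same channels")
    return [i for i, (b, m) in enumerate(zip(baseline_dbm, measured_dbm))
            if m - b >= margin_db]


def classify_snapshot(baseline_dbm, measured_dbm, margin_db=MARGIN_DB):
    """Label one per-channel power measurement with a Figure 3.1 pattern."""
    raised = raised_channels(baseline_dbm, measured_dbm, margin_db)
    if not raised:
        return CLEAR
    if len(raised) == len(baseline_dbm):
        return FULL_BAND
    if len(raised) == 1:
        # Channel power alone cannot separate narrowband noise from one tone.
        return SINGLE_CHANNEL
    contiguous = raised[-1] - raised[0] + 1 == len(raised)
    return CONTIGUOUS_PBN if contiguous else NONCONTIGUOUS


def classify_series(baseline_dbm, snapshots, margin_db=MARGIN_DB):
    """Label a time series of measurements, recognising a swept signal.

    A sweep shows up as a narrow contiguous block that sits on a different
    centre in every snapshot and, over the series, covers most of the band.
    The visiting order is not checked, since the report notes that the bands
    need not be consecutive.
    """
    if not snapshots:
        raise ValueError("at least one snapshot is required")
    n = len(baseline_dbm)
    labels = [classify_snapshot(baseline_dbm, s, margin_db) for s in snapshots]
    blocks = [raised_channels(baseline_dbm, s, margin_db) for s in snapshots]
    narrow = all(b and len(b) <= n // 2 and b[-1] - b[0] + 1 == len(b)
                 for b in blocks)
    if narrow and len(snapshots) >= 3:
        centres = [(b[0] + b[-1]) / 2 for b in blocks]
        covered = set().union(*blocks)
        if len(set(centres)) == len(centres) and len(covered) >= 0.8 * n:
            return SWEPT
    # Otherwise report the pattern seen most often across the series.
    return Counter(labels).most_common(1)[0][0]


def with_raised(baseline_dbm, indices, level_dbm=-70.0):
    """Build a constructed measurement: baseline with some channels raised."""
    chosen = set(indices)
    return [level_dbm if i in chosen else b for i, b in enumerate(baseline_dbm)]


# Constructed sample data: 12 channels with a quiet floor of -105 dBm each.
BASELINE = [-105.0] * 12

if __name__ == "__main__":
    print(classify_snapshot(BASELINE, with_raised(BASELINE, [3, 4, 5])))
    sweep = [with_raised(BASELINE, [i, i + 1]) for i in range(0, 12, 2)]
    print(classify_series(BASELINE, sweep))
```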
3.2.6 Smart Jamming
This category of jamming techniques attempts to disrupt portions of digital signals only,
selecting only those portions necessary to deny communications, if possible.
Figure 3.2: General block diagram for intelligent jamming system
To describe the system in the block diagram shown in Figure 3.2, let's discuss two cases. In the first case, the GSM scanner and power detector systems detect a mobile phone in the restricted area and give the computer information about the frequency used by the mobile phone; the computer then instructs the circuit interface system to prepare the jamming system to block the mobile phone. In the second case, when the GSM scanner and power detector systems do not detect a mobile phone in the restricted area for a time specified in the computer, the computer instructs the circuit interface to shift the jamming system into standby mode.
Chapter 4
METHODOLOGY AND ELECTRONIC CIRCUITS IMPLEMENTATION
A deeper view inside the system shows each stage and its circuits in detail. This chapter covers the methodology for building the jamming system from the electronic point of view and explains the main function of each circuit and its theoretical background. It also contains the analysis and design of each circuit, such as the mixer and noise generator, using the Advanced Design System software package.
4.1 Methodology
To build this project, the system is divided into two phases: the first phase is the jamming system, and the second is the control of the jamming system to make it an intelligent jamming system. These subsystems and stages come from the different functions of each small component, so let’s discuss the purpose of each stage by explaining the operation of the system.
The main purpose of the overall system is to disable or block mobile phones in the restricted area. As shown in Figure 4.1, the intelligent jamming system is designed to work as a detector: the mobile detector detects the RF signals from a mobile and supplies the PIC microcontroller with the information required to check whether there is a mobile phone around or not. The synthesizer is then enabled by the PIC to block the desired frequency. The desired frequency here means the controller channel, which can be detected using TEMS Pocket, explained later in chapter six.
The jamming system produces the jamming signal by mixing the noise with an intermediate frequency and then modulating it into the UHF (Ultra High Frequency) range for the mobile communication system as single side band (SSB). The switching system chooses the mobile communication system to jam (GSM or DCS). Finally, the signal must be amplified to be propagated.
The design of any stage of the system depends on the characteristics of the problem. The design in this project is supported by the Agilent Technologies software package called ADS and by other tools used to program the intelligent controller, such as the PIC microcontroller.
Figure 4.1: Mobile phone intelligent jamming system block diagram
This project can be implemented in two phases; the first is design and simulation using ADS. As shown in Figure 4.1, the jamming system is characterized by the intermediate frequency (IF) stage, the radio frequency (RF) stage, and the transmission stage. Signal processing to select the control channels is done by the TEMS Pocket software.
The UHF modulation, which modulates the signal to be transmitted, is shown in Figure 4.1 as the IQ modulator. Finally, the transmission stage is required to propagate the signal through the antenna.
4.2 Mobile Detector
Because the project is meant to be intelligent, it is important to find or design a circuit that can detect the calling process and warn the control system to shift the jamming into power-on mode. This section gives a brief description of the calling detector circuit, its components and the testing results.
This circuit (see footnote 3), shown in Figure 4.2, can sense the presence of an activated mobile phone from a distance of one and a half (1.5) meters. It can detect incoming and outgoing calls, SMS and video transmission even if the mobile phone is kept in silent mode. The moment the bug detects an RF transmission signal from an activated mobile phone, it starts sounding a beep alarm and the LED blinks. The alarm continues until the signal transmission ceases.
The circuit shown in Figure 4.2 consists of four main stages:
1. Capturing RF transmission stage.
2. Current to voltage converter
3. Trigger stage
4. Timer stage
Footnote 3: D. MOHAN KUMAR, “Mobile Bug”, Electronics for you magazine, 2008
Figure 4.2: Mobile detector
Capturing RF transmission stage
This stage can capture all frequencies in the mobile communication spectrum from 0.9 to 3 GHz, with wavelengths of 3.3 to 10 cm. For detection, this stage uses a 0.22 μF disk capacitor (C3); the capacitor stores energy and transfers it as a minute current to the inputs of the current-to-voltage converter stage.
Current to Voltage converter Stage
The aim of this stage is to convert the minute current from the previous stage into a corresponding output voltage using a current-to-voltage converter (CA3130).
Trigger stage
This stage is used to trigger the timer stage and provide an invisible alert that mobile data transmission is occurring; the trigger uses a monostable timer (NE555).
4.3 IF Stage
4.3.1 Triangular Wave Generator:
Figure 4.3 shows the triangular wave generator circuit [6]. It contains two stages: the first is a Schmitt trigger that generates a square wave, and the second is an integrator circuit that integrates the square wave into a triangle wave.
(The frequency generated by this circuit depends on the ratio of the resistors R2 and R3.)
In this project the period of the triangle wave required to block the GSM system is defined as follows:
T = 0.577 msec × 2 = 1.154 msec
where 0.577 msec is the duration of each time slot.
Figure 4.3: Triangle wave Generator
Figure 4.4: Square wave from Point A
Figure 4.5: Triangular wave from Point B
Figure 4.6: Practical Triangle Signal
4.3.2 Noise Generator:
In this project the jamming system needs a certain type of noise to cover a portion of the spectrum, so the most applicable type of noise in this case is white noise. Noise in general can be defined as the random movement of charges or charge carriers in an electronic device, which generates current and voltage that vary randomly with time [7].
4.3.2.1 White Noise
White noise is a random signal (or process) with a flat power spectral density. In other words,
the signal's power spectral density has equal power in any band, at any centre frequency,
having a given bandwidth. White noise is considered analogous to white light which contains
all frequencies [7]. An infinite‐bandwidth, white noise signal is purely a theoretical
construction. By having power at all frequencies, the total power of such a signal is infinite. In
practice, a signal can be "white" with a flat spectrum over a defined frequency band [7].
The requirement is to find a circuit that generates white noise. The circuit shown in Figure 4.7 generates the noise required for the jamming system.
Figure 4.7: Noise Oscillator
4.3.2.2 Amplifier Stage
To amplify the noise generated by the previous circuit, the two amplification stages in Figure 5.7 are used.
Figure 4.8: Amplifier Stages to Amplify the Noise
The capacitor C4 is just for blocking DC. The resistor values set up the non-inverting amplifier, whose gain is given by (1 + R/R2). The noise waveform is shown in Figures 4.9 and 4.10.
Figure 4.9: Output Noise waveform
Figure 4.10: Practical Output Noise
4.3.3 Mixer:
A mixer is a nonlinear circuit that combines two signals in such a way as to produce the sum and difference of the two input frequencies at the output [8].
4.3.3.1 Transistor Mixer:
In this project the mixer uses a FET transistor; since it is a low-noise device with a fast response, it is an efficient device in this case. The FET circuit illustrates the technique of summing the two input signals at a single input terminal (both IN1 and IN2 are applied to the gate) [8]. FETs can be used in mixers in both active and passive modes.
There are different types of mixers and different techniques; in this project the mixer uses a simple summer circuit consisting of just one dual op-amp (TL082), as shown in Figure 4.12 [6].
The TL082 op-amp, shown in Figure 4.11, is a high-speed J–FET input dual operational amplifier incorporating well-matched, high-voltage J–FET and bipolar transistors in a monolithic integrated circuit. The device features high slew rates, low input bias and offset current, and a low offset voltage temperature coefficient.
4.3.4 Voltage Control Oscillator:
In this project the voltage-controlled oscillator (VCO) is used to generate a portion of the modulated signal from 2 kHz to 310 kHz, with a bandwidth of 200 kHz, the same as the GSM mobile communication channel bandwidth.
4.3.4.1 Oscillator Performance Parameter:
Frequency tuning range is one of the most fundamental tradeoffs in an oscillator. The Q
factor of the resonator sets the noise performance of the oscillator. In general, the more
tunable an oscillator is the lower the Q of the resonator [9].
Any amplifier can be made to oscillate if a portion of the output is fed back to the input in such a way that the Barkhausen criteria are met. Figure 4.14 shows the basic block diagram of any oscillator [8]. Two conditions must be satisfied for the oscillator to oscillate [8]:
A. AB = 1
B. 2
A
B
Figure 4.14: Basic Oscillator
The MAX038, shown in Figure 4.15, is a high-frequency, precision function generator producing accurate, high-frequency triangle, sawtooth, sine, square, and pulse waveforms with a minimum of external components. The output frequency can be controlled over a frequency range of 0.1 Hz to 20 MHz.
The output of the mixer is fed to the IN pin of the MAX038 through a series resistor that converts the voltage into a current. CF is changed to 1 nF, and since the output is a sine wave, A0 = logic 1 and A1 = logic 1.
Figure 4.15: MAX038 function generator
Figure 4.18: Practical VCO output waveform
4.4 RF Stage
4.4.1 Synthesizer
The synthesizer is a device used as a tunable oscillator. The ADF4156, shown in Figures 4.19 and 4.20, is a 6 GHz fractional-N frequency synthesizer that implements local oscillators in the up- and down-conversion sections of wireless receivers and transmitters.
Figure 4.19: (AD4156) Sigma-Delta Fractional-N Synthesizer
Figure 4.20: ADF4157 Frequency Synthesizer
The following equation governs how the synthesizer should be programmed [11]:
$$\mathrm{RFOUT} = \left[ N + \frac{\mathrm{FRAC}}{2^{25}} \right] \times \mathrm{FPFD}$$
Where:
RFOUT is the RF frequency output.
N is the integer division factor.
FRAC is the fractionality.
This IC has an evaluation kit that configures the interface with the computer and provides the synthesizer with the reference frequency, as shown in Figure 4.21 [11].
Figure 4.21: EVAL KIT for Synthesizer
4.4.2 RF Mixer
As mentioned before, the jamming signal must have the same frequency as the controller channel, with a bandwidth of 200 kHz provided by the VCO in the IF stage. This baseband therefore needs to be carried on a suitable carrier at the frequency of the controller channel; the RF mixer shown in Figure 4.22 is used for this.
Figure 4.22: RF Mixer
The RF mixer shown in Figure 4.22 [12] is used to produce a modulated signal mixed with noise. The carrier frequency is fed to the modulator by the synthesizer, and the baseband comes from the VCO in the IF stage. A double-sideband (DSB) signal can be produced by feeding the IF signal into the I terminal and the carrier into the LO terminal [13].
4.4.3 Power Splitter
After the signal is mixed with the carrier frequency and lies in the UHF range, the second step is to amplify the signal to be transmitted. The transmission stage has two branches, a 900 MHz branch and an 1800 MHz branch, so a splitting process is used to divide the common signal between the two branches.
4.4.3.1 Power Splitter:
Splitters are used extensively in wireless signal distribution networks, to split the base station
transmitted signal, Tx, into many different paths to reach multiple antennas, and at the same
time to transmit the signals received by the antennas, Rx, back to the base station receiver
[14].
Figure 4.23: Wilkinson Power Splitter
Wilkinson splitters, shown in Figure 4.23, generally use a microstrip design at microwave frequencies. They consist of a pair of quarter-wave (λ/4) transmission line sections with a characteristic impedance of 70.7 Ω, which are series terminated at the output with a 100 Ω resistor [14].
The design of power splitter using AutoCAD is shown in Figure 4.24.
Figure 4.24: Power Splitter design
In this project, because of problems building the RF circuit PCBs, we use the RF power splitter module shown in Figure 4.25.
Figure 4.25: RF Power Splitter
4.4.4 Power Amplifier
First let’s calculate the minimum power required to block the GSM‐900 and DCS (Jr):
For GSM‐900 the minimum signal to noise ratio (SNR min=9 dB) and maximum signal power (S
MAX =‐15dBm) [16].
Now , so Jr (dB) =‐15 ‐ 9=‐24dBm. To cover area of 20 meter radius; the free
space power loss (FSPL) should be calculated as follow:
FSPL=20log [17].
Where:
R and in meter
For 960MHz 0.3125 m, substituting in FSPL equation gives:
FSPL= 58 dB, then Jr=‐24 + 58 = 34dBm.
For DCS:
SNR min=9 dB and S MAX = ‐23dBm [16].
Repeating the calculation with f = 1880 gives:
Jr = ‐32 + 63.9 = 31.9dBm.
To meet this power we need a power amplifier.
4.4.4.1 Power Amplifier DCS-1800
This power amplifier can supply sufficient power for the jamming signal in the DCS downlink frequency range (1805 - 1880 MHz). It can give 33 dBm maximum power. Figure 4.26 shows the power amplifier module from RFbayinc [18].
Figure 4.26: MPA 19-20 Power Amplifier
However, the power coming from the synthesizer is not sufficient to be amplified to 33 dBm. As shown in Figure 4.27, to get 33 dBm output the input power must be in the range (10-15) dBm, so the RF amplifier MRA-2000 is used to amplify the input signal from 0 to 10 dBm.
Figure 4.27: Output Power with respect to Input Power
4.4.4.2 Power Amplifier GSM-900
This power amplifier is suitable for GSM‐900 downlink frequency (925‐960MHz). This power
amplifier can give 34dBm maximum power. The Figure 4.28 shows the power amplifier
module from RFbayinc [19]. In this power amplifier there is no need to amplify the signal fed
from synthesizer because it is sufficient to get the desired output power.
Figure 4.28: MPA‐0925 Power Amplifier
4.4.5 Antenna
The final stage in any transmitter communication system is the antenna. This intelligent jamming system for GSM needs an antenna that works at the frequencies of the GSM and DCS systems, as explained in chapter 2. The antenna shown in Figure 4.30 supports multiple mobile systems such as AMPS, GSM, DCS, PCS and UMTS. The radiation pattern of this antenna is omnidirectional with vertical polarization, and it has 2 dBi gain [20].
Figure 4.29: Antenna
4.4.6 PCB Boards Layouts
A PCB (printed circuit board) program was used to draw the layouts of the circuits in this project, such as the IF stage, the power amplifiers for 900 and 1800, the power splitter, and mobile detector ver.1 and ver.2, as follows:
Figure 4.30: IF Stage PCB
Figure 4.31: Mobile detector Ver.1
Figure 4.32: Mobile detector Ver.2
4.4.7 Power Supply
Electrical power is what operates the jamming system, because it biases and feeds each stage in the system. This section explains the relationship between the power supply and the other stages in the system.
In general the power supply consists of transformation, rectification, filtration and regulation, as shown in Figure 4.36 [6]:
[Block diagram: Input voltage, Transformer, Rectifier, Filter, Regulator; power supply outputs to VCO, to oscillator and to noise circuit]
Figure 4.33: Block diagram to power supply
Figure 4.36 shows the general power supply circuit, whose stages can be explained as follows:
1. The transformer is used to step down the input voltage from 220 to the desired values.
2. The rectifier stage is used to convert the signal from AC to DC.
3. The filter is used to reduce the voltage ripple that results from the rectifier stage.
4. The regulator is used for safety and to ensure a fixed voltage across a given load in the circuits when the input values or the load change, so it follows the zener diode principle. An example of a regulator is the L200 IC with high voltage.
4.4.7.1 The Operation of Power Supply
There are two ways to supply the system with the required voltages:
1. Using an AC-to-DC power supply that directly gives the wanted values, for example the power supply of a PC, which has a complex arrangement of electrical components including diodes, capacitors and transformers. This special power supply is called a switched mode power supply (SMPS); the switching process converts the current frequency from 50 Hz to a higher frequency to reduce the ripple, which is inversely proportional to frequency. Its outputs are 3.3, 5, 9, 12 and -5, -9, -12. This method is not used in this project because the system needs 28 V.
2. Building a power supply from a transformer, a bridge rectifier, and regulators. In this method a center-tap transformer that steps down from 220 to 30 is used, followed by a bridge rectifier such as the KBPC3510 with two capacitors to get a DC signal.
4.4.7.2 Power Supply PCB layout
Chapter 5 TEMS POCKET AND PC SOFTWARE
5.1 TEMS Pocket
In this intelligent mobile jamming project, the most important feature of the system, put in simple words, is knowing the controller channel frequency of the neighboring base stations so that only it is blocked. Measuring the controller channel frequency manually needs several pieces of heavy equipment, such as a spectrum analyzer and an antenna adapter, and also someone with experience in mobile communication, especially in GSM systems, so TEMS Pocket is an optimum solution in this case.
TEMS Pocket is a basic mobile network diagnostics tool built into an Ericsson T610 GPRS mobile station. TEMS Pocket is suitable for day-to-day verification, maintenance and troubleshooting of mobile networks but is also handy for many cell planning tasks [21].
The TEMS Pocket interface has a number of parameters, not all of which are important in this project; see Figure 5.1.
Figure 5.1: TEMS pocket interface
5.2 Synthesizer Software
The ADF4157 synthesizer receives the fractional digital numbers from PC-based software via the parallel port. This software is written by Analog Devices. Its interface is discussed here with pictures, as follows:
Figure 5.2: Main screen of synthesizer program
Figure 5.2 shows the main screen of the ADF4157 software, which sends the fractional values to the registers via the parallel port when “Update All RF Register” is pressed.
Figure 5.3: RF output frequency screen
As shown in Figure 5.3, the VCO output frequency can be changed and then applied by pressing the “Update R0 and R1” button; other settings such as step size and ref. division can also be changed.
Chapter 6 PIC MICROCONTROLLER AND COMPUTER PORTS
The intelligent system needs to be under control and to have a specific output according to a
specific input. One of the most important digital controllers is the PIC microcontroller that
stands for “Programmable Interface Controller”. This chapter will talk about the PIC types and
the related assembly codes. Also it will determine which one to be used in this project.
6.1 The PIC Microcontroller
PIC is a family of microcontrollers made by Microchip Technology. The original one was the PIC1650 developed by General Instruments. This device was called PIC for “Programmable Intelligent Computer”, although it is now associated with “Programmable Interface Controller”. Instead, they prefer the brand name PICMicro. Popular wisdom relates that PIC is a registered brand in Germany and Microchip is unable to use it internationally [22].
6.1.1 PIC Families:
There are three families of PICMicro:
1. Baseline PIC Family
2. Mid‐range PIC Family
3. High‐Performance PIC Family
6.1.2 PIC Pin Mapping:
Figure 6.1 is a top view of the PIC IC chip; the name and function of each pin are tabulated in Table 6.1.
Table 6.1: PIC Pin Mapping
Pin Number | Pin Name | Function
1 | Port A | Bidirectional pin I/O
2 | Port A | Bidirectional pin I/O
3 | Port A | Bidirectional pin I/O, TOCK1 which functions as a timer
4 | MCLR | Reset System (0 to active)
5 | VSS | 0 Volt (GND)
6 | Port B | Bidirectional pin I/O, Interrupt input
7 | Port B | Bidirectional pin I/O
8 | Port B | Bidirectional pin I/O
9 | Port B | Bidirectional pin I/O
10 | Port B | Bidirectional pin I/O
11 | Port B | Bidirectional pin I/O
12 | Port B | Bidirectional pin I/O
13 | Port B | Bidirectional pin I/O
14 | VDD | +5 Volt (biasing)
15 | OSC2 | Crystal Terminal (Oscillator)
16 | OSC1 | Crystal Terminal (Oscillator)
17 | Port A | Bidirectional pin I/O
18 | Port A | Bidirectional pin I/O
Figure 6.1: PIC Micro Controller
6.1.3 Synthesizer‐Mobile Detector Controlling System
A PIC microcontroller can be programmed in assembly or C. In this project the program is written in C because it is easy to understand and implement (see Appendix C, which contains the PIC program instruction set). Figure 6.3 shows the flow chart the PIC microcontroller follows to control the cyclic checking of the mobile detector.
The program checks the logic level coming from the mobile detector. If the logic level at the PIC input terminals is high, the PIC outputs a low logic level to enable the synthesizer, and vice versa. The calling detector provides a trigger that indicates whether or not there is a mobile phone in the restricted area, as shown in Figure 6.2.
6.2 Computer Ports Interfacing
Ports are used to connect the PC to external devices; this connection (interface) is made through input-output ports. There are two types of ports, serial and parallel; in this project the parallel port is used to interface the synthesizer.
6.2.1 Parallel Ports
Parallel interfacing is the most commonly used way of interfacing with many devices, including microcontroller units (MCU), microprocessor units (MPU) and peripheral devices. The main property that distinguishes parallel interfacing from other types is that more than one bit can be transmitted or received at the same time. The parallel port in the PC is one of the devices that use parallel interfacing; Figure 6.4 shows that this port is composed of eight data lines, four control lines and five status lines [23].
Figure 6.4: Parallel port pin names
The output of the parallel port is normally at transistor-transistor logic (TTL) voltage levels. The pins in the parallel port can sink or source current, which varies from port to port. Most parallel ports
Chapter 7 CONCLUSIONS AND FUTURE RECOMMENDATIONS
7.1 Conclusions
This project is designed to be an intelligent jamming system for GSM-900 and DCS-1800 systems that can be controlled by a computer and has a standby mode.
The main stages in the system, such as the IF stage, were completed successfully; the RF stage components have been imported and will be implemented on a printed circuit board (PCB) in the near future.
The main problems were in the RF stage, because dealing with high-frequency signals needs special components such as surface mount (SMD) capacitors and resistors, and the PCB needs microstrip lines. Problems therefore appeared in matching the stages with each other, and a power attenuator was sometimes needed between two stages.
The coverage area of the calling detector was not sufficient, so an improvement must be made to give the needed coverage.
There is a problem in determining the controller channel, which may change due to power level, so the system must be configured to block the controller channel together with its neighbors.
This signal must have an essential power level of 34 dBm to satisfy the jamming condition.
7.2 Future Recommendations
Up to this point the work has suffered from the carrier system (the synthesizer): there is no ready evaluation kit that provides frequencies from 900-1900 MHz. To improve and develop this project in future, it is recommended to explore the following ideas:
1. Study and learn the fabrication procedures for RF PCB circuits, or find an alternative method to build the frequency synthesizer. In addition, find the equipment required to build the RF PCBs.
2. Design and implement a microprocessor system to control the frequency synthesizer directly without the PC.
3. Rebuild and arrange the system package in such a way as to minimize the overall system size.
4. Improve the calling detector range to detect mobiles in a wider area.
5. Research the ability to jam specific calls while allowing other important calls, such as emergency numbers, to pass.
References
[1]: LAWRENCE HARTE AND DAVID BOWLER, “Introduction To Mobile Telephone Systems
Wireless Technologies And Services”, 2004.
[2]: MOTOROLA, Introduction to digital cellular, for training professional only. 2001
[3]: HUAWEI Co., “UMNIAH Company Manuals”.
[4]: ERICSSON, “open information user descriptions about frequency hopping”.
[5]: RICHARD A.POISEL, “Modern Communications Jamming Principles and Techniques”,
ARTECH House, 2004.
[6]: DONALD A. NEAMEN, “Electronic Circuit Analysis and Design”, john Willey, 2nd edition.
[7]: Devendra K.Misra, “Radio frequency and Microwave communication Circuit Analysis and
Design”.
[8]: Joseph J. Carr, “Secrets of RF Circuit Design”, 2nd edition
[9]: JASON BREITBARTH B.S. Electrical Engineering, “OCTAVE TUNING, HIGH FREQUENCY
VARACTOR OSCILLATOR DESIGN”,Oregon State University, 1997.
[10]: MAXIM 038, “High‐Frequency Waveform Generator data sheet”, 2007
[11]: Analog devices ADF4157,”6 GHz Fractional‐N Frequency Synthesizer data sheet”, 2006
[12]: Rfbayinc Products, “MXR‐20 RF Mixer”
[13]: B.P.Lathi, “Modern digital and analog communication Systems”, 3rd edition
[14]: MICROLAB/FXR, “choosing splitter”, A Wireless Telecom Group Company
[15]: NEC devices PG2214TB, “GaAs INTEGRATED CIRCUIT SPDT Switch”
[16]: Horst Fischer, Frank Henkel, Michael Engels, Peter Waldow,” UMTS/GSM MULTI MODE
RECEIVER DESIGN”, IMST GmbH, Carl‐Friedrich‐Gauss‐Str. 2, 47475 Kamp‐Lintfort,
Germany
[17]: Glover and Grant, “Digital Communications”, 2nd edition
[18]: Rfbayinc Products, “MPA‐19‐20 Power Amplifier”
[19]: Rfbayinc Products, “MPA‐0925 Power Amplifier”
[20]: Nearson Antennas, “Multiple Band Swivel Antenna”, 2007
[21]: Ericson TEMS, “TEMS Pocket GSM T68i user manual”, 2003
[22]: A. Salhot, Abdallah, “PICMicro MCU microcontroller Programming”, 2006 Amman
[23]: Dhananjay, “Programming the Parallel Port”, 1998
APPENDIX A
Lists of GSM abbreviations
A
ARFCN Absolute Radio Frequency Channel Number: An integer which defines the absolute RF
channel number
AUC Authentication Centre: A GSM network entity which provides the functionality for verifying the
identity of an MS when requested by the system often a part of the HLR.
B
BC broadcast control
BCCH broadcast control channel
BS base station
BSC base station controller
BSS base station system
BTS base transceiver station
C
CA Cell Allocation: The radio frequency channels allocated to a particular cell
D
DCS1800 digital cellular network at 1800 MHz
E
EIR equipment identity register
EGSM900 Extended GSM900
F
FDMA frequency division multiple access
FH frequency hopping
G
GPRS general packet radio service
GSM global system for mobile communications
GSM MS GSM mobile station
H
HLR home location register
HR Half rate: Refers to a type of data channel that will double the current GSM air interface capacity
to 16 simultaneous calls per carrier (see also FR – Full Rate).
I
IMSI International Mobile Subscriber Identity Published mobile number (prior to ISDN) (see also
MSISDN) that uniquely identifies the subscription. It can serve as a key to derive subscriber
information such as directory number(s) from the HLR.
L
LR location registration
LAPDm Link Access Protocol on the Dm channel
M
MS mobile station
MSC mobile switching centre
Multiframe Two types of multiframe are defined in the system: a 26-frame multiframe with a period of
120 ms and a 51-frame multiframe with a period of 3060/13 msec
O
OMC Operations and Maintenance Centre the OMC node of the GSM TMN provides dynamic O&M
monitoring and control of the PLMN nodes operating in the geographical area controlled by the
specific OMC.
P
PIN personal identification number
PSTN public switched telephone network
Pegging modifying a statistical value
R
RACH random access channel
S
SDCCH stand alone control channel
T
TDMA time division multiple access
TA Time Advance
TCH Traffic Channel GSM logical channels which carry either encoded speech or user data
Timeslot the multiplex subdivision in which voice and signaling bits are sent over the air. Each RF
carrier is divided into 8 timeslots
TRX Transceiver
V
VLR visitor location register