Full Report
Full Report
1. Introduction ………………………………………………………………5
2. Operation ………………………………………………………………….6
3. Jamming Techniques…………………………………………………….....9
3.1 Spoofing
3.2 Shielding Attacks
3.3 Denial of Service
5. System Design……………………………………………………………..12
5.1 Power calculations
5.2 Parts of the jammer device
5.2.1 The Power supply
5.2.2 Circuit diagram of mobile jammer
5.2.3 The IF- section
5.2.3 The RF-Section
1
6. Appendix ……………………………………………………………. 28
6.1 Parts
6.2 The layout of the jammer
7. Performance Analysis…………………………………………………30
7.1PCB making
7.2Testing & Troubleshooting
8 Applications…………………………………………………………….36
9 Advantages……………………………………………………………..36
10 Disadvantages……………………………………………………………..
12 Result…………………………………………………………………..37
13 Conclusion……………………………………………………………38
14. Referances…………………………………………………………....39
A. LIST OF ABBREVIATIONS
2
B. LIST OF SYMBOLS
SYMBOL NAME
Resistor
Capacitor
Diode
Oscillator
Ground
3
C. LIST OF FIGURES
4
D. ABSTRACT
Phase one: studying the GSM-system to find the best jamming technique, establishing
the system design and selecting suitable components.
Phase two: buying all the needed components, drawing the overall schematics,
fabricating the PCB layout, assembling the devices, performing some measurements and
finally testing the mobile jammer.
The designed jammer was successful in jamming the nine carriers in India as will be
5
1.INTRODUCTION
Communication jamming devices were first developed and used by military. This
interest comes from the fundamental objective of denying the successful transport of
information from the sender (tactical commanders) to the receiver (the army personnel), and
vice-versa. Nowadays, mobile (or cell) phones are becoming essential tools in our daily life.
Here in India, for example, with a rather high population, nine cell phone carries are
available; namely; Airtel, Bsnl, Idea, Vodafone, Tata Docomo, Tata Indicom, Reliance,
Uninor & Vargin. They use the GSM 900 system, while the Tata indicom, Reliance, Vargin
uses the GSM 1800 system. Needless to say, the wide use of mobile phones could create
some problems as the sound of ringing becomes annoying or disrupting. This could happen in
some places like conference rooms, law courts, libraries, lecture rooms and mosques. One
way to stop these disrupting ringings is to install a device in such places which will inhibit
the use of mobiles, i.e., make them obsolete. Such a device is known as cell phone jammer or
"MOBILE jammer", which is basically some kind of electronic countermeasure device. The
technology behind cell phone jamming is very simple. The jamming device broadcasts an RF
signal in the frequency range reserved for cell phones that interferes with the cell phone
signal, which results in a "no network available" display on the cell phone screen. All
phones within the effective radius of the jammer are silenced. It should be mentioned that cell
phone jammers are illegal devices in most countries. According to the Federal
Communications Commission (FCC) in the USA: "The manufacture, importation, sale, or
offer for sale, of devices designed to block or jam wireless transmissions is prohibited".
However, recently, there has been an increasing demand for portable cell phone jammers. We
should mention that this project, presented in this report, is solely done for educational
purposes. There is no intention to manufacture or sell such devices in India, or elsewhere. In
this project, a device that will jam both GSM 900 and GSM 1800 services will be designed,
built, and tested.
5
6
2. OPERATION
Jamming devices overpower the cell phone by transmitting a signal on the same
frequency as the cell phone and at a high enough power that the two signals collide and
canceleach other out. Cell phones are designed to add power if they experience low-level
interference, so the jammer must recognize and match the power increase from the phone.
Cell phones are full-duplex devices, which mean they use two separate frequencies, one for
talking and one for listening simultaneously. Some jammers block only one of the
frequencies used by cell phones, which has the effect of blocking both. The phone is tricked
into thinking there is no service because it can receive only one of the frequencies. Less
complex devices block only one group of frequencies, while sophisticated jammers can block
several types of networks at once to head off dual-mode or tri-mode phones that
automatically switch among different network types to find an open signal. Some of the high-
end devices block all frequencies at once and others can be tuned to specific frequencies. To
jam a cell phone, all you need is a device that broadcasts on the correct frequencies.
Although different cellular systems process signals differently, all cell-phone networks use
radio signals that can be interrupted. GSM, used in digital cellular and PCS-based systems,
operates in the 900-MHz and 1800-MHz bands in Europe and Asia and in the 1900-MHz
(sometimes referred to as 1.9-GHz) band in the United States. Jammers can broadcast on any
frequency and are effective against AMPS, CDMA, TDMA, GSM, PCS, DCS, iDEN and
Nextel systems. Old fashioned analog cell phones and today's digital devices are equally
susceptible to jamming. Disrupting a cell phone is the same as jamming any other type of
radio communication. A cell phone works by communicating with its service network
through a cell tower or base station. Cell towers divide a city into small areas, or cells. As a
cell phone user drives down the street, the signal is handed from tower to tower.
7
A jamming device transmits on the same radio frequencies as the cell
phone, disrupting the communication between the phone and the cell-
phone base station in the town
.
Fig2.2 operation in on condition
It's a called a denial-of-service attack. The jammer denies service of the radio
spectrum to the cell-phone users within range of the jamming device. Older jammers
sometimes were limited to working on phones using only analog or older digital mobile
phone standards.
Newer models such as the double and triple band jammers can block all widely used
systems (AMPS, iDEN, GSM, etc) and are even very effective against newer phones which
hop to different frequencies and systems when interfered with. As the dominant network
technology and frequencies used for mobile phones vary worldwide, some work only in
specific regions such as Europe or North America.
The power of the jammer's effect can vary widely based on factors such as proximity
to towers, indoor and outdoor settings, presence of buildings and landscape, even temperature
and humidity play a role. There are concerns that crudely designed jammers may disrupt the
functioning of medical devices such as pacemakers. However, like cell phones, most of the
devices in common use operate at low enough power output (<1W) to avoid causing any
problems.
8
3. Jamming Techniques
There are several ways to jam an RF device. The three most common techniques can
be categorized as follows:
3.1 Spoofing
In this kind of jamming, the device forces the mobile to turn off itself. This type is
very difficult to be implemented since the jamming device first detects any mobile phone in a
specific area, then the device sends the signal to disable the mobile phone. Some types of this
technique can detect if a nearby mobile phone is there and sends a message to tell the user to
switch the phone to the silent mode (Intelligent Beacon Disablers).
This is known as TEMPEST or EMF shielding. This kind requires closing an area in a
faraday cage so that any device inside this cage can not transmit or receive RF signal from
outside of the cage. This area can be as large as buildings, for example.
This technique is referred to DOS. In this technique, the device transmits a noise
signal at the same operating frequency of the mobile phone in order to decrease the signal-to-
noise ratio (SNR) of the mobile under its minimum value. This kind of jamming technique is
the simplest one since the device is always on. Our device is of this type.
4. Design Parameters
9
4.1 The distance to be jammed (D)
UPLINK DOWNLINK
(Handset Transmit) (Handset Receive)
GSM 900 890 – 915 MHZ 935 – 960 MHZ
DCS 1800 1710 – 1785 MHZ 1805 – 1880 MHZ
In our design, the jamming frequency must be the same as the downlink,
because it needs lower power to do jamming than the uplink range and
there is no need to jam the base station itself. So, our frequency design will
be as follows:
10
where: Pj=jammer power, Gjr= antenna gain from jammer to receiver,
Grj=antenna gain from receiver to jammer, Rtr=range between
communication transmitter and receiver, Br=communication receiver
bandwidth, Lr =communication signal loss, Pt=transmitter power, Gtr=
antenna gain from transmitter to receiver, Grt=antenna gain from receiver
to transmitter, Rjr=range between jammer and communication receiver,
Bj=jammer bandwidth, and Lj=jamming signal loss.
For GSM, the specified system SNRmin is 9 dB which will be used as the
worst case scenario for the jammer. The maximum power at the mobile
device Pr is -15 dBm.
The maximum free space loss (worst case F) happens when the maximum
frequency is used in the above equation. Using 1880 MHz gives:
F (dB) =32.44+20 log 0.01 + 20 log 1880 which gives F =58 dB.
11
where: Pj=jammer power, Gjr= antenna gain from jammer to receiver, Grj=antenna gain from
receiver to jammer, Rtr=range between communication transmitter and receiver,
Br=communication receiver bandwidth, Lr =communication signal loss, Pt=transmitter
power, Gtr= antenna gain from transmitter to receiver, Grt=antenna gain from receiver to
transmitter, Rjr=range between jammer and communication receiver, Bj=jammer bandwidth,
and Lj=jamming signal loss. For GSM, the specified system SNRmin is 9 dB which will be
used as the worst case scenario for the jammer. The maximum power at the mobile device Pr
is -15 dBm.
The maximum free space loss (worst case F) happens when the maximum
frequency is used in the above equation. Using 1880 MHz gives:
F (dB) =32.44+20 log 0.01 + 20 log 1880 which gives F =58 dB.
5. System Design
12
5.2 Parts of the jammer device
This is used to supply the other sections with the needed voltages.
Any power supply consists of the following main parts:
The Filter: Used to eliminate the fluctuations in the output of the full
wave rectifier “eliminate the noise” so that a constant DC voltage is
produced. This filter is just a large capacitor used to minimize the ripple in
the output.
13
Figure 2 shows the general parts of the power supply.
In our project we need 12, -12, 5 and -5 volt. We found that the PC power
supply can provide all the voltages that we need in the jammer, so we
bought one.
The main use of the triangle wave is to sweep the VCO through
the desired frequency range. We want to cover the downlink through our
VCO, i.e., 935-960 MHZ for VCO66CL, & 1805-1880 MHZ for
VCO55BE.
In our design, we will use 555timer IC operating in the astable mode
to generate the sweeping signal. The output frequency depends on the
charging & discharging of the capacitor, resistor values & the power
supply for the IC. Figure 3 shows how we can use the 555timer in the
general astable mode
14
Figure 5.3 A-stable 555timer.
The charging time for the capacitor can be found as follows:
In our project, we need to get the duty cycle (D.C.) equal to 50% which
means the time needed for charging equals the discharging time. This can
be done by using Ra=Rb and placing a diode across Rb. The following
equation shows the output frequency:
Figure 4 shows the connection for the A-stable mode with D.C.=50%.
15
The output
wave
VCC/3
2VCC
In our project, we used Ra=Rb=750 Ω with C=0.1 μF, then the output
frequency is 10 KHz Since we use +12 V (Vcc), the output signal will be
bounded from 4 V (Vcc/3) to 8 V (2Vcc/3). Figure 5 shows all the
components used to generate the triangular wave. The output is shown in
figure 6.
This capacitor is
used to Remove
the DC signal
With C=0.1μF
16
2. Noise generation
5.
6. Figure 7 The noise generation.
7.
17
8. Figure 8 The generated noise signal.
Mixer
The mixer here is just an amplifier that operates as a summer. So,
the noise and triangular wave will add together before entering
the VCO. The LM741 IC was used to achieve this.
Voutput= (-Rf/R1) V1 +
(-Rf/R2) V2
Voutput=-(V1+2V2)
18
Clamper
The input of the VCO must be bounded from 0 to 3.5 V to get the
needed frequency range. So, we need to add a clamper to get our
goal. The clamper consists of a capacitor connected in series with a
resistor and diode, as shown in Figure 10
.
Then, the sweep signal that will sweep the RF-section is as shown in
Figure 11. The tuning signal is highly noisy as seen in Figure 11. The
whole IF-Section is seen in Figure 12. The IF-section schematic is shown
in Figure 13.
19
CIRCUIT DIAGRAM OF IF SECTION OF MOBILE JAMMER
20
Noise generation
21
Mixer
The mixer here is just an amplifier that operates as a summer. So, the noise
and triangular wave will add together before entering the VCO. The
LM741 IC was used to achieve this.
Voutput= (-Rf/R1) V1 +
(-Rf/R2) V2
Voutput=-(V1+2V2)
Using Rnoise =1 KΩ, we amplify the noise signal by 2. In this case, the ratio
of the noise to the sweep signal is 2:1.
Clamper
The input of the VCO must be bounded from 0 to 3.5 V to get the needed
frequency range. So, we need to add a clamper to get our goal. The
clamper consists of a capacitor connected in series with a resistor and
diode, as shown in Figure 10
.
Figure 10 Diode clamper.
Then, the sweep signal that will sweep the RF-section is as shown in
Figure 11. The tuning signal is highly noisy as seen in Figure 11. The
whole IF-Section is seen in Figure 12. The IF-section schematic is shown
in Figure 13.
22
Figure 11 Tuning signal.
20
23
CIRCUIT DIAGRAM OF IF SECTION OF MOBILE
JAMMER
24
5.2.3 The RF-Section
This is the most important part of the jammer, since the output of this section will be
interfacing with the mobile. The RF-section consists of three main parts: voltage controlled
oscillator VCO, power amplifier and antenna.
The voltage controlled oscillator (VCO) is the heart of the RF-section. It is the device
that generates the RF signal which will interfere with the cell phone. The output of the VCO
has a frequency which is proportional to the input voltage, thus, we can control the output
frequency by changing the input voltage. When the input voltage is DC, the output is a
specific frequency, while if the input is a triangular waveform, the output will span a specific
frequency range. In our design, we need to find a VCO for GSM 900 and GSM 1800. There
are three selection criteria for selecting a VCO for this application. Most importantly, it
should cover the bands that we need, secondly, it should be readily available at low cost, and
finally, it should run at low power consumption. Moreover, we need to minimize the size of
GSM-jammer. So, we started to search through the internet for VCO's that work for GSM
900 & GSM 1800 bands.
25
22
Finally, we found the following VCO IC’s:-
CVCO55BE; this is for GSM 1800. The output frequency is 1785-1900 MHz and the output
power is up to 5 dBm.
CVCO55CL; this is for GSM 900. The output frequency is 925-970 MHz and the output
power is up to 8 dBm.
26
not indicated in the datasheets. This result was really a big shock, but easily solved by
changing the whole RF design. The new design uses two power amplifier IC’s instead of one
amplifier.
Figure 16 shows the two designs for the RF-Section.
27
Antenna:
A proper antenna is necessary to transmit the jamming signal. In order to
have optimal power transfer, the antenna system must be matched to the
transmission system. In this project, we used two 1/4 wavelength
monopole antennas, with 50 Ω input impedance so that the antennas are
matched to the system. We used monopole antenna since the radiation
pattern is omni-directional. Figure 17 shows the DCS 1800 antenna, while
Figure 18 shows the GSM 900 antenna.
24
Specifications:
Frequency: 1700-1900MHz
Input impedance 50Ω
VSWR<2
Specifications:
Frequency: 850MHz-1GHz
Input impedance 50Ω
28
Figure 19 shows the RF-Section. The
Figure 18 The GSM 900 antenna.
traces in the RF-section were designed to get 50 Ω impedance to insure
matching between the IC’s and the board.
26
29
A picture of the whole jammer device is shown in Figure 21. The
dimensions for the jammer are clearly seen in Figure 22. It is such a cute,
small and portable device!
30
6. Appendix
6.1 Parts
Capacitor 10
555 timer IC 1
LM741 1
IF section
LM386 1
Zener Diode 1
6.8 v
Diode 2
PCB COPPER 1
CLAD 6*9”
2-SIDE
OSC VCO -
925-970MHz
RF section SMD .5X.5”
OSC VCO -
1785-
1900MHz
SMD .5X.5”
PF08109B 2
Power
Amplifier
31
28
6.2 The layout of the jammer
- Dimensions are in mm.
- Drawing not to scale.
32
29
7. PERFORMANCE ANALYSES
33
Rigid printed circuit boards of double sided type are having
conducting foil bounded to both sides of the insulating based material.
These PCB’s are employed when circuit complexities made it difficult to
design wiring layouts on one side only.
ARTWORK: -
Perfect artwork is the most important in the production of PCB. There
are some several methods of producing quality artwork. Skills & patience
are the basic assets of artwork designers. One common method is as
follows.
Ink drawing method: -
The required material are cardboard paper, good quality Indian ink
& an ink pen either directly or as double lines, which are there after filled
with ink. Basically screen printing processes is very simple. A screen
fabric with uniform mesh & opening is stretched & it is fluxed on the solid
like wood or metal.
The circuit pattern is photographically transferred on the screen such that
originally the screen can pass the print easily, after the transformation of
the circuit pattern passes print easily in the actual printing step ink is
forced by moving squeegee through the open mesh on the surface of the
material to be printed. By the above procedure we have completed artwork
on the PCB.After screen-printing work PCB is ready for etching & further
processes.
34
DRILLING: -
ETCHING: -
Etching is process by which unnecessary copper clad is
chemically washed out. Solution of Fecl3 is the commonly used chemical
for etching process because it has short etching time this means copper
dissolve in solution by producing the precipitate of copper chloride &
ferrous chloride. The chemical reaction is as follows: -
2fecl3+cu=cucl2+2fecl2
Ferric chloride is a cheap & least
35
7.2 TESTING & TROUBLESHOOTING
Check that component agree with the parts list (value and power of
resistors, value and voltage rating of capacitor, etc.) if in any doubt
double check the polarized components (diodes, capacitor, rectifiers
etc)
If there is a significant time elapse between circuit, take the trouble
to read the article; the information is often given in a very condensed
from. Try to get most important point out of the description of the
operation of the circuit, even if you don’t understand exactly what is
supposed to happen.
If there is any doubt that some component may not be exact
equivalent, check that they are compatible.
Only use good quality IC sockets.
Check the continuity of the tracks on the PCB (and through plated
holes with double sided boards) with a resistance meter or continuity
tester.
Make sure that all drilling, filling and other ‘heavy’ work is done
before mounting any components.
If possible keep any heat sinks well isolated from other components.
Make a wiring diagram if the layout involves lots of wires spread out
in all directions.
Check that the connectors used are compatible and that they are
mounted the right way round.
36
Do not reuse wire unless it is of good quality. Cut off the ends and
strip it a new.
35
38
8. APPLICATIONS
39
9. ADVANTAGES:-
36
40
10. RESULT
As we tested our jamming device, the result was a full success. The
device was able to jam the nine cell phone carriers: Airtel, Bsnl, Idea,
Vodafone, Tata Docomo, Tata Indicom, Reliance, Uninor &
Vargin. The effective jamming range was around 30 meters. This is
more than what it was designed for. The reason is that in our
calculations, we considered the worst case of having the cell phone
close to the base station. It is expected that as the distance between the
cell phone and the base station increases, the effective jamming
distance will increase. This is due to the fact that the amount of power
reaching the cell phone from the base station decreases as the cell
phone moves farther from the base station. The Figure in the next page
shows the results. It can be clearly seen that the signal is "ON" when
the jammer is "OFF", while the signal disappears when the jammer is
"ON".
41
11. FUTURE DEVELOPMENTS
The following modifications can be made to the present circuit,
which leads to still smarter project.
One can add many regional frequency bands to the present system
without much change in the hardware. The Microcontroller chip’s
software can be upgraded to handle the entire added frequency
channel with the help of suitable RF Transmitter.
This project is open for developments from all sides. It is the users’
imagination which limits the working of this project. One can go on
adding the extra, rich features to this project.
37
42
11. CONCLUSION
43
12. References
Web-site:-
1. www.scribd.com
2. www.datashitecatalog.com
3. www.eaglieb.exem.net
4. www.icic.com
5. www.digikey.com
6. www.electronicsfroum.com
7. www.howstuffwork.com
Books:-
1. Rick Hartley, RF / Microwave PC Board Design and Layout,
Avionics Systems.
2. John Scourias, Overview of the Global System for Mobile
Communications, University of Waterloo.
3. Ahmed Jisrawi, "GSM 900 Mobile Jammer", undergrad project,
JUST, 2006.
44
45
46
47