#hack FAQ Home | Computers | Data Networks | Wireless Networks | Telephony | Mobile Telephony
Radio | Television | Resources | 2600 | Smart Cards and Magnetic Cards | Miscellaneous

Section E -- Mobile Telephony

E-01. How many types of mobile telephone systems are there?

The mainstream mobile telephone systems in the last twenty five years have been:

Year  Mobile Telephone System
1981  Nordic Mobile Telephone (NMT)
1983  Advanced Mobile Phone System (AMPS)
1985  Total Access Communication Systems (TACS)
1986  Nordic Mobile Telephony (NMT)
1991  American Digital Cellular (ADC)
1991  Global System for Mobile Communication (GSM)
1992  Digital Cellular System (DCS) 1800
1994  Japanese Personal Digital Cellular (PDC)
1995  Personal Communications Service (PCS) 1900 - Canada
1996  Personal Communications Service (PCS) - USA

Mobile telephone systems are either analog or they are digital. In analog systems, voice messages are transmitted as sound waves. When you speak into an analog mobile telephone, your voice wave is linked to a radio wave and transmitted. In digital systems, voice messages are transmitted as a stream of zeroes and ones. When you speak into a digital mobile telephone, your voice wave is converted into a binary pattern before being transmitted.

Mobile telephone systems all utilize some method to allow multiple users to share the system concurrently. The three methods for doing this are:

FDM   Frequency Division Multiplexing
TDMA  Time Division Multiple Access
CDMA  Code Division Multiple Access

In an FDM system, the available frequency is divided into channels. Each conversation is given a channel. When the system runs out of channels in a given area, no more telephone calls can be connected. In this way, FDM operates much like the channel button on your television set. The AMPS and NAMPS systems utilize FDM.

In a TDMA system, your encoded voice is digitized and then placed on a radio-frequency (RF) channel with other calls. This is accomplished by allocating time slots to each call within the frequency. In the D-AMPS (Digital AMPS) system, each 30 kHz carrier frequency is divided into three time slots. In the GSM and PCS systems, each 200 kHz carrier is divided into eight time slots. The D-AMPS, D-AMPS 1900, GSM, PCS and iDEN systems all utilize TDMA.

In a CDMA system, your encoded voice is digitized and divided into packets. These packets are tagged with "codes." The packets then mix with all of the other packets of traffic in the local CDMA network as they are routed towards their destination. The receiving system only accepts the packets with the codes destined for it.

Analog systems are FDM. Digital systems can utilize either TDMA or CDMA.

FDM systems typically allow one call per 10 kHz or 30 kHz of spectrum. Early TDMA systems tripled the capacity of FDM systems. Recent advances in TDMA promise to provide forty times the carrying capacity of FDM systems. CDMA promises to improve on the results of TDMA.

Before there were cellular telephone systems, there was MTS (Mobile Telephone Service) and IMTS (Improved Mobile Telephone Service). These early systems have ceased operations.

Many mobile telephone systems exist outside the United States, including NMT, TACS/ETACS, and JTACS. New systems are constantly in development.
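
The code-based sharing described above for CDMA can be shown in a few lines. This is an added example, not part of the original FAQ: it models the "codes" as orthogonal Walsh sequences (an assumption, the FAQ does not name a code family) and uses constructed sample bits for three simultaneous calls.

```python
# Added illustration: three calls share one band at the same time and each
# receiver pulls out only the call spread with its own code.

def walsh(n):
    """Return n mutually orthogonal +1/-1 codes; n must be a power of two."""
    codes = [[1]]
    while len(codes) < n:
        codes = [c + c for c in codes] + [c + [-x for x in c] for c in codes]
    return codes

def spread(bits, code):
    """Map each data bit to +1/-1 and multiply it by every chip of the code."""
    return [(1 if b else -1) * chip for b in bits for chip in code]

def channel(*signals):
    """All transmitters use the same frequency, so their chips simply add."""
    return [sum(chips) for chips in zip(*signals)]

def despread(rx, code):
    """Correlate each code-length block of the received sum with one code.

    A positive correlation is a 1 bit, a negative one a 0 bit, and zero
    means nothing was sent with this code (reported as None).
    """
    n = len(code)
    out = []
    for i in range(0, len(rx), n):
        corr = sum(r * c for r, c in zip(rx[i:i + n], code))
        out.append(None if corr == 0 else (1 if corr > 0 else 0))
    return out

# Constructed sample data: code index -> the four bits that call sends.
CODES = walsh(4)
CALLS = {1: [1, 0, 1, 1], 2: [0, 0, 1, 0], 3: [1, 1, 0, 0]}
AIR = channel(*(spread(bits, CODES[k]) for k, bits in CALLS.items()))

def recover(code_index):
    """What a receiver listening with the given code gets from the shared band."""
    return despread(AIR, CODES[code_index])

if __name__ == "__main__":
    for k in (1, 2, 3):
        print("code", k, "->", recover(k))
    print("unused code 0 ->", recover(0))
```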

E-02. What are AMPS (EIA/TIA-553) and NAMPS (IS-91)?

Mobile Frequency Range   Rx: 869-894; Tx: 824-849
Multiple Access Method   FDM
Duplex Method            FDD
Number of Channels       832
Channel Spacing          30 kHz

AMPS (Advanced Mobile Phone Service) was the first cellular mobile system in the United States. AMPS operates as an analog system using 30 kHz wide channels. AMPS was later enhanced to NAMPS (Narrowband Advanced Mobile Phone Service), a version of AMPS that uses 10 kHz channels and by doing so triples cellular capacity.

Europeans often refer to AMPS as "American Mobile Phone Service." Digital cellular equipment manufacturers and carriers often refer to AMPS as "Analog Mobile Phone Service."

AMPS is defined in the EIA/TIA-553 standards. NAMPS is defined in the TIA/EIA/IS-91 standard.

AT&T Wireless operates a NAMPS network in the United States.

E-03. What is a MTSO?

MTSO stands for Mobile Telephone Switching Office. The MTSO is the switching office that connects all of the individual cell towers to the Central Office (CO).

The MTSO is responsible for monitoring the relative signal strength of your cellular phone as reported by each of the cell towers, and switching your conversation to the cell tower which will give you the best possible reception.

E-04. What is a NAM?

NAM stands for Number Assignment Module. The NAM is the EPROM that holds information such as the MIN and SIDH. Cellular fraud is committed by modifying the information stored in this component.

E-05. What is an ESN?

ESN stands for Electronic Serial Number. This is the serial number of your cellular telephone, which is transmitted to the cell site and used in conjunction with the NAM to verify that you are a legitimate user on the system.

E-06. What is a MIN?

MIN stands for Mobile Identification Number. This is the phone number of the cellular telephone.

E-07. What is a SCM?

SCM stands for Station Class Mark. The SCM is a 4-bit number which holds three different pieces of information. Your cellular telephone transmits this information (and more) to the cell tower. Bit 1 of the SCM tells the cell tower whether your cellphone uses the older 666 channel cellular system, or the newer 832 channel cellular system. The expansion to 832 channels occurred in 1988. Bit 2 tells the cellular system whether your cellular telephone is a mobile unit or a voice activated cellular telephone. Bits 3 and 4 tell the cell tower what power your cellular telephone should be transmitting on.

Bit 1:
0 == 666 channels
1 == 832 channels

Bit 2:
0 == Mobile cellular telephone
1 == Voice activated cellular telephone

Bit 3/4:
00 == 3.0 watts (Mobiles)
01 == 1.2 watts (Transportables)
10 == .06 watts (Portables)
11 == Reserved for future use

E-08. What is a SIDH?

SIDH stands for System Identification for Home System. The SIDH in your cellular telephone tells the cellular system what system your cellular service originates from. This is used in roaming (making cellular calls when in an area not served by your cellular provider).

Every geographical region has two SIDH codes, one for the wireline carrier and one for the nonwireline carrier. These are the two companies that are legally allowed to provide cellular telephone service in that region. The wireline carrier is usually your local telephone company, while the nonwireline carrier will be another company. The SIDH for the wireline carrier is always an even number, while the SIDH for the nonwireline carrier is always an odd number. The wireline carrier is also known as the Side-B carrier and the non-wireline carrier is also known as the Side-A carrier.

SIDH is often abbreviated to SID.
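
The fields described in E-05 through E-08 come together when a handset registers. The following is an added example, not part of the original FAQ, of how a serving system could decode the SCM, classify the SIDH and check the MIN/ESN pair. The record layout, subscriber table and all sample values are constructed, and bit 1 of the SCM is assumed to be the leftmost digit.

```python
# Added illustration. Record layout, subscriber table and sample values are
# constructed; bit 1 of the SCM is assumed to be the leftmost digit.

POWER_CLASS = {"00": "mobile", "01": "transportable",
               "10": "portable", "11": "reserved"}

def decode_scm(scm):
    """Decode a 4-digit SCM bit string such as '1010'."""
    if len(scm) != 4 or set(scm) - {"0", "1"}:
        raise ValueError("SCM must be four binary digits")
    return {"channels": 832 if scm[0] == "1" else 666,
            "voice_activated": scm[1] == "1",
            "power_class": POWER_CLASS[scm[2:]]}

def carrier_side(sidh):
    """Even SIDH = wireline (Side B); odd SIDH = non-wireline (Side A)."""
    return "B" if sidh % 2 == 0 else "A"

def check_registration(reg, subscribers, serving_sid):
    """Verify the MIN/ESN pair and describe the handset; returns a dict."""
    result = {"min": reg["min"],
              "scm": decode_scm(reg["scm"]),
              "home_side": carrier_side(reg["sidh"]),
              "roaming": reg["sidh"] != serving_sid}
    provisioned_esn = subscribers.get(reg["min"])
    if provisioned_esn is None:
        result["verdict"] = "reject: unknown MIN"
    elif provisioned_esn != reg["esn"]:
        # A MIN arriving with an ESN other than the provisioned one is the
        # signature of altered NAM data.
        result["verdict"] = "reject: ESN does not match MIN"
    else:
        result["verdict"] = "accept"
    return result

# Constructed sample data (not real subscriber values).
SUBSCRIBERS = {"5555550100": "A1B2C3D4", "5555550101": "0F0E0D0C"}
SERVING_SID = 22  # even, so a wireline (Side B) system
REGISTRATIONS = [
    {"min": "5555550100", "esn": "A1B2C3D4", "scm": "1010", "sidh": 22},
    {"min": "5555550101", "esn": "DEADBEEF", "scm": "1000", "sidh": 31},
    {"min": "5555550199", "esn": "11223344", "scm": "0001", "sidh": 22},
]

def audit():
    """Check every constructed registration against the subscriber table."""
    return [check_registration(r, SUBSCRIBERS, SERVING_SID) for r in REGISTRATIONS]

if __name__ == "__main__":
    for row in audit():
        print(row)
```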

E-09. What are the forward/reverse channels?

Forward channels are the frequencies the cell towers use to talk to your cellular telephone. Reverse channels are the frequencies your cellular telephone uses to talk to the cell towers.

The forward channel is 45 MHz above the reverse channel. For example, if the reverse channel is at 824 MHz, the forward channel would be at 869 MHz.

E-10. What are IS-54 and IS-136?

Mobile Frequency Range   Rx: 869-894; Tx: 824-849
Multiple Access Method   TDMA/FDM
Duplex Method            FDD
Number of Channels       832 (3 users per channel)
Channel Spacing          30 kHz
Channel Bit Rate         48.6Kb

IS-54 and IS-136 are standards for TDMA American Digital Cellular.

E-11. What is IS-95?

Mobile Frequency Range   Rx: 869-894; Tx: 824-849
Multiple Access Method   CDMA/FDM
Duplex Method            FDD
Number of Channels       20 (798 users per channel)
Channel Spacing          1250 kHz
Channel Bit Rate         1.2288Mb

TIA/EIA-95 is a standard for CDMA Digital Cellular.

E-12. What is GSM?

Mobile Frequency Range   Rx: 925-960; Tx: 880-915
Multiple Access Method   TDMA/FDM
Duplex Method            FDD
Number of Channels       124 (8 users per channel)
Channel Spacing          200 kHz
Modulation               GMSK (0.3 Gaussian Filter)
Channel Bit Rate         270.833Kb

GSM (Global System for Mobile communication) is a digital mobile telephone system that is widely used in Europe and other parts of the world. GSM uses a variation of Time Division Multiple Access (TDMA) and is the most widely used of the three digital wireless telephone technologies (TDMA, GSM, and CDMA). GSM digitizes and compresses data, then sends it down a channel with two other streams of user data, each in its own time slot. It operates at either the 900 MHz or 1,800 MHz frequency band.

GSM is the de facto wireless telephone standard in Europe. GSM has over 750 million users worldwide and is available in 190 countries. Since many GSM network operators have roaming agreements with foreign operators, users can often continue to use their mobile phones when they travel to other countries.

GSM, together with other technologies, is part of an evolution of wireless mobile telecommunication that includes High-Speed Circuit-Switched Data (HCSD), General Packet Radio System (GPRS), Enhanced Data GSM Environment (EDGE), and Universal Mobile Telecommunications Service (UMTS).

T-Mobile, Cingular, and AT&T operate GSM networks in the United States on the 1,900 MHz band. GSM networks in other countries operate at 900 MHz, 1,800 MHz, or 1,900 MHz.

For information on GSM security, visit http://www.gsmsecurity.com

E-13. What is PCS?

PCS (Personal Communications Service) is a set of standards. Most PCS standards are based on an existing standard. PCS is little more than the operation of these standards on the frequency bands of 1930-1990 MHz for receiving and 1850-1910 MHz for transmitting.

PCS Standard         Base Standard
PACS                 PHS cordless
DCT-U                DECT cordless
Composite CDMA/TDMA  n/a

Sprint PCS operates a PCS network in the United States.

For more information on PCS, visit Personal Communications Service (PCS) at the International Engineering Consortium.

E-14. What is iDEN?

Mobile Frequency Range   Tx: 806-821 MHz; Rx: 851-866 MHz
Multiple Access Method   TDMA
Duplex Method
Number of Channels       30 (6 users per channel)
Channel Spacing          25 kHz
Channel Bit Rate

iDEN (Integrated Dispatch Enhanced Network) was developed by Nextel and Motorola. iDEN is a TDMA trunked radio system. Nextel operates an iDEN network in the United States.

For more information on iDEN, visit http://www.geocities.com/45peter/iden.html
