jam mobile

7/28/2019 Jam Mobile

1/98

MOBILE SNIFFER AND JAMMER

A PROJECT REPORT

Submitted by

D.KARTHIK (41501105017)

KRITIKA.P.ATMARAM(41501105031)

ROHINI N.MAJUMDAR (41501105061)

K.SUDEEPTHI (41501105074)

in partial fulfillment for the award of the degree

of

BACHELOR OF ENGINEERING

in

ELECTRICAL AND ELECTRONICS ENGINEERING

S.R.M. ENGINEERING COLLEGE,

KATTANKULATHUR-603 203, KANCHEEPURAM DISTRICT.

ANNA UNIVERSITY : CHENNAI - 600 025

MAY 2005


2/98

BONAFIDE CERTIFICATE

Certified that this project report " MOBILE SNIFFER AND JAMMER is the

bonafide work of D.KARTHIK (41501105017)

KRITIKA.P.ATMARAM(41501105031) ROHINI.N.MAJUMDAR

(41501105061) K.SUDEEPTHI (41501105074) who carried out the project work

under my supervision.

Dr.G.SAMBANDAN Ms.M.KIRUTHIKA

HEAD OF THE DEPARTMENT SUPERVISOR

LECTURER

ELECTRICAL AND ELECTRICAL AND

ELECTRONICS ENGG. ELECTRONICS ENGG.

S.R.M.Engineering College S.R.M.Engineering College

Kattankulathur - 603 203 Kattankulathur - 603 203

Kancheepuram District Kancheepuram District

ABSTRACT

The final year project titled Mobile Sniffer And Jammer is one that primarily

detects any RF signal activity in the vicinity and jams or inhibits it.The project

consists of two modules i.e. the sniffer and the jammer.

RF SNIFFER CIRCUIT

The key component of the sniffer circuit is the detector diode. When a cell phone is in

use, it emits RF pulses and this detector diode detects it. Two such similar circuits are

coupled together to give a directional sense analogous to human ears. The above


3/98

circuit is operational to a range of one and half to two metres. Its operational

frequency range is around 900 MHz.

RF SIGNAL JAMMER

The cell phone jammer emits the same low frequency radio signals as cell phones,

neutralizing each others signal. The main component of this module is the voltage

control oscillator (VCO).The VCO sweeps the entire frequency range 805-900 MHz

depending upon the input which is a triangular waveform mixed with a noise signal.

The device is capable of inhibiting the RF activity within the frequency range.

TABLE OF CONTENTS

ABSTRACT iii

LIST OF TABLES

LIST OF FIGURES

Chapter 1 INTRODUCTION

1.1 AMPS System1.2 GSM : The European Standard1.3 GSM : Reference Architecture

1.3.1 Mobile Station (MS)1.3.2 Base Station (BS)1.3.3 Mobile Switching Center (MSC)1.3.4 Home Location Register (HLR)1.3.5 Visiting Location Register (VLR)1.3.6 Authentication Center (AC)1.3.7 Equipment Identity Register (EIR)

Chapter 2 HARDWARE DESCRIPTION

2.1 GENERAL2.1.1 Light Emitting Diode (LED)2.1.2 Zener Diode2.1.3 Schottky Barrier Diode2.1.4 Trimmer Potentiometer


4/98

2.1.5 Voltage Regulator2.1.6 Operational Amplifier

2.2 JAMMER HARDWARE2.2.1 Square Wave Generator2.2.2 Integrator2.2.3 Buffer2.2.4 Noise Generator2.2.5 Mixer2.2.6 Voltage Controlled Oscillator

2.3 RF SIGNAL JAMMER2.3.1 Operation

2.4 SNIFFER HARDWARE2.4.1 Detector2.4.2 Resonant Circuit2.4.3 Amplifier2.4.4 Audio Jack and Headphones

2.5 SNIFFER2.5.1 Operation

2.6 INTERFACE

Chapter 3 ANALYSES and SIMULATION

3.1 Analysis of Sniffer3.2 Analysis of Jammer3.3 Simulation Results

Chapter 4 APPLICATIONS

Chapter 5 COST EVALUATION and FURTHER DEVELOPMENTS

5.1 Cost Analysis5.2 Further developments

BIBLIOGRAPHY


5/98

APPENDICES

Data Sheets

CVCO55CL TL074 LM386 LM358 78L05 2N3904 IN5235 IN4148 BAT 43

LIST OF TABLES

List Of Components GSM/GPRS/HSCSD/EDGE (TDMA Formats) Siemens World Phone AMPS V-F values for CVCO55CL

LIST OF FIGURES

GSM Architecture : Block Diagram 7805 Packages 7805 Pin Details TL074- pin Details LM 358 Pin Details LM 386 Pin Details CVCO55CL Pin Details Square Wave Generator Circuit Diagram Integrator Circuit Diagram Buffer Circuit Diagram Mixer Circuit Diagram Noise Generator Circuit Diagram


6/98

Jammer Block Diagram Jammer Circuit Diagram Sniffer Block Diagram Sniffer Circuit Diagram Response of Rectifier in time and frequency domain Typical Diode Rectifier Response of Detector in time and frequency domain General diagram of Detector Characteristics of Diode Simulation Graphs Hardware Module Photographs

ACKNOWLEDGEMENT

We express our gratitude to the S.R.M Management for all the facilities made

available to us for completing our project. We thank Prof.R.Venkataramani,

Principal, S.R.M Engineering College for all the support he has given us.

We sincerely thank Dr.G.Sambandan, Head, Dept. of Electrical and

Electronics, S.R.M Engineering College for being a constant source of inspiration to

us.

We also thank Prof.R.Muthusubramanian, Vice-Principal, S.R.M

Engineering College for his guidance in the initial stages of the project.

We are highly indebted to our guide, Ms.M.Kiruthika, who willingly

accepted to guide us. We sincerely thank her for her inestimable counsel and

guidance.

We express our gratitude to the members of the Review Committee for their

valuable suggestions and constructive criticism. We thank them for their motivation,


7/98

which enabled us to complete our project. We are indebted to Ms.Shantha Priya and

Ms.M.Raji, our class-in-charges for their support.

We thank Mr.Shyam Sunder for his valuable suggestions and use of his

resources. Special thanks to our families for standing by us. Above all, we express our

gratitude to God.

LIST OF COMPONENTS

COMPONENT SPECIFICATION COST

(Rupees)

VOLTAGE CONTROL

OSCILLATOR

CVCO55CL-805-900 MHz 1200 approx

OP AMPS TL074,LM358,

LM 386

50

DIODES 1N4148,1N5235,BAT43 200

TRANSISTOR 2N3904

VOLTAGE REGULATOR LM7805 15

MISCELLANEOUS Resistors ,Capacitors 200

GSM / GPRS / HSCSD / EDGE (TDMA formats)

Mainly used in European, Asian, Latin America, and some parts of North America.

Description / BandMobile Station Frequencies

(MHz)

Base Station Frequencies

(MHz)

GSM 450 Band 450.4 - 457.6 460.4 - 567.6

GSM 480 Band 478.8 - 486.0 488.8 - 496.0

GSM 750 Band 777.0 - 792.0 747.0 - 762.0

GSM 850 Band 824.0 - 849.0 869.0 - 894.0

GSM 900 Band 890.0 - 915.0 935.0 - 960.0


8/98

GSM 900 Extended

Band880.0 - 915.0 925.0 - 960.0

GSM 900 Railway

Band876.0 - 915.0 921.0 - 960.0

DCS 1800 Band 1710.0 - 1785.0 1805.0 - 1880.0

PCS 1900 Band 1850.0 - 1910.0 1930.0 - 1990.0

AMPS SYSTEM

Parameters AMPS

Frequency Uplink 829 849 MHz

Downlink 869 894 MHz

Frequency Separation 45 MHz (Rx to Tx)

Channel Spacing 30 KHz

Number Of Channels 832 Full Duplex

Voice Transmission FM 8 KHz deviation

Data transmission FSK 10 kb/sa

8KHz deviation

Error Protection Code BCH

Mobile Tx Power 3 W nominal

Base station ERP 100 W/channel (max)

Legend:a: Manchester coding

BCH: Bose Chaudhury encoding

ERP: Effective Radiated Power

Tx: Transmitter

Rx: Receiver


9/98

Chapter 1 INTRODUCTION

Introduction

AMPS is a fully digital system utilizing 900 MHz frequency band. The Amps system

was developed by Bell labs in the mid 1970s the first AMPS system was tested in

Chicago in 1977-78.Cellular mobile services were licensed initially for 40 MHz

spectrum in the 800 MHz freq band. Subsequently another 10 MHz was added. In a

given licensing area, the spectrum was shared by two operators: the wireline common

carrier (WCC) & the radio common carrier (RCC).WCC: is the arm's length

subsidiary of a local exchange carrier, which provides local wired telephone service in

the licensing area.

Under the AMPS standard, which specifies a carrier spacing of 30 kHz , the 50 MHz

spectrum yields 832 full duplex channels with 416 channels each for the A-

band(RCC's) and the B - band (WCC's) operators in each licensing area. Out of these

416 channels, 21 channels are used as control or setup channels, with the remaining

395 channels for user traffic.

The North American AMPS system uses frequency modulation with 12 kHz deviation

for speech. Besides the data transmission on the signaling channel for call setup, dataalso are transferred on the speech or voice channel: a blank and burst technique is

used, where the voice signal is blanked for about 50 ms and a data burst of 10 kb/s is

inserted in the voice channel. This feature is used to alert a mobile about an

impending channel transfer for a handoff.

GSM : The European TDMA digital cellular standard.

The GSM standard was developed by the Group Special Mobile. The aim was to

design a uniform pan European mobile system to replace the existing analog systems.

Its features are :

TDMA over radio carriers (200 kHz spacing) user / terminal authentication for fraud control. encryption of speech and data transmissions over radio path.


10/98

support short message serviceGSM supports a range of basic and supplementary services. The most important

service supported is telephony.

GSM Reference Architecture :

Mobile Station(MS):

The mobile stations are portable telephony units that can be used on any GSM system.

At the time of manufacture, an international mobile equipment identity(IMEI) ,

which is not easily alterable, is programmed into the terminal.

A subscriber identity module (SIM) is required to activate and operate a GSM

terminal. It may be within the terminal or it maybe removable.The IMSI (international

mobile subscriber identity) is programmed into the SIM at the time of the service.

Base Station (BS):

The base station system comprises a base station controller (BSC) and one or more

base transceiver station (BTS).

The BSS is responsible for all functions related to the radio resource (channel)

management. This includes the management of the radio channel configuration with

respect to use as speech, data or signaling channels , allocation and release of

channels for call setup and release; control of frequency hopping and transmit power

at the mobile station.

Mobile Switching Center (MSC):

It is similar to the local ISDN switch with additional capabilities to support mobility

management functions like terminal registration, location updating and handoff.

These are the major functions :

call setup, supervision and release


11/98

call routing digit collection and translation billing information collection management of radio resources during a call

Home Location Register (HLR):

It represents a centralized database that has the permanent data fill about the

subscribers in a large service area. The HLR is kept updated with current locations of

all its mobile subscribers, including those who may have roamed to another network

operator within or outside the country. The routing information is obtained from the

VLR on a call-by-call basis.

the HLR maintains the subscriber data on a permanent basis:

International Mobile Subscriber Identity(IMSI) Service subscription information Service restrictions Supplementary services

Visiting Location Register(VLR):

This represents the temporary data store, and generally there is one VLR per

MSC.This register contains the information about the mobile subscribers who are

currently in the service area covered by the MSC/VLR.The features include :

Features currently activated Temporary mobile station identity(TMSI) Current location about the MS

Authentication Center (AC):

Generally associated with the HLR. It contains the authentication parameters that are


12/98

used in initial location registration; subsequent location updates etc. It maintains the

authentication keys and the algorithms so that the user authentication and channel

encryption may be carried out within the network.

Equipment Identity Register (EIR):

it maintains information to authenticate the terminal equipment so that fraudulent,

stolen or non-type - approved terminals can be identified and denied service. The

information is in the form of white, gray and black lists that may be consulted by the

network when it wishes to confirm the authenticity of the terminal requesting service

GSM ARCHITECTURE: BLOCK DIAGRAM

SIM Subscriber Identity Module

HLR Home Location Register

MS Mobile Station

VLR Vistor Location Register

BTS Base Transceiver Station

EIR Equipment Identity Register

BSC Base Station Controller

AC Authentication Center

MSC Mobile services Switching Center

PSTN Public Switched Telecomm Network


13/98

VLR Visitor Location Register

ISDN Integrated Services Digital Network

Chapter 2 HARDWARE DESCRIPTION

GENERAL

LIGHT EMITTING DIODE (LED)

The Gallium Arsenide (GaAs) crystal has the interesting property of radiating

significant amounts of infrared radiation from the junction. By adding

Phosphorus to the equation, they shortened the wavelength of the emitted

radiation until it became visible red light. Further refinements have given usyellow and green LEDs. More recently, blue LEDs have been produced, by

putting nitrogen into the crystal structure. This makes full-color flat-screen

LED displays possible.

The mechanism of emitting light is interesting. The atomic structure of the

LED is carefully designed so that as free electrons cross the junction from the

N-type side to the P-type side, the amount of energy each electron releases as

it drops into a nearby hole corresponds to the energy of a photon of some

particular color. Therefore, that photon is released as a visible photon of that

color.

ZENER DIODE


14/98

When the reverse voltage applied to a diode exceeds the capability of the

diode to withstand it, one of two things will happen, yielding essentially the

same result in either case. If the junction is wide, a process called avalanche

breakdown occurs, whereby the current through the diode increases as much

as the external circuit will permit. A narrow junction will experience Zener

breakdown, which is a different mechanism but has the same effect.

The useful feature here is that the voltage across the diode remains nearly

constant even with large changes in current through the diode. In addition,

manufacturing techniques allow diodes to be accurately manufactured with

breakdown voltages ranging from a few volts up to several hundred volts.

Such diodes find wide use in electronic circuits as voltage regulators.

SCHOTTKY BARRIER DIODE

When we get into high-speed applications for electronic circuits, one of the

problems exhibited by semiconductor devices is a phenomenon called charge

storage. This term refers to the fact that both free electrons and holes tend to

accumulate inside a semiconductor crystal while it is conducting, and must be

removed before the semiconductor device will turn off. This is not a major

problem with free electrons, as they have high mobility and will rapidly leave

the semiconductor device. However, holes are another story. They must be

filled more gradually by electrons jumping from bond to bond. Thus, it takes

time for a semiconductor device to completely stop conducting. This problem

is even worse for a transistor in saturation, since then by definition the base

region has an excess of minority carriers, which tend to promote conduction

even when the external drive is removed.


15/98

The solution is to design a semiconductor diode with no P-type semiconductor

region, and therefore no holes as current carriers. Such a diode, known as a

Schottky Barrier Diode, places a rectifying metal contact on one side on an N-

type semiconductor block. For example, an aluminum contact will act as the

P-type connection, without requiring a significant P-type semiconductor

region.

This diode construction has two advantages in certain types of circuits. First,

they can operate at very high frequencies, because they can turn off as fast as

they can turn on. Second, they have a very low forward voltage drop. This is

used to advantage in a number of ways, including as an addition to TTL ICs.

When a Schottky diode is placed across the collector-base junction of a

transistor as shown to the right, it prevents the transistor from becoming

saturated, by bypassing the excess base current around the transistor.

Therefore, the transistor can turn off faster, thus increasing the switching

speed of the IC.

TRIMMER POTENTIOMETER


16/98

A component needed for this project is a trimmer potentiometer. A potentiometer

consists of a resistive element with a movable electrical contact touching it. This

permits the potentiometer to serve as a continuously-variable voltage divider.

The figure to the right shows one of the many kinds of potentiometers available for a

wide range of applications. This one uses a screw to slowly advance the moving

contact along the resistance element. This allows accurate placement of the contact

and reduces the likelihood that an accident may move the contact away from the

desired position. The particular potentiometer that we will use requires 15 turns of the

screw to cover the entire resistance range.

This particular type of potentiometer is typically known as a trimmer potentiometer

(or trimpot for short), because it is intended to be adjusted or "trimmed" to a particular

setting, and then left there to retain its setting. It will seldom need to be readjusted in

normal use

VOLTAGE REGULATOR

The L78L00 series of three-terminal positive regulators employ internal current

limiting and thermal shutdown, making them essentially indestructible. If adequate

heat sink is provided, they can deliver up to 100 mA output current. They are intended

as fixed voltage regulators in wide range of applications including local regulation for

elimination of noise and distribution problems associated with single-point regulation.

In addition, they can be used with power pass elements to make high-current voltage

regulators. The L78L00 series used as Zener diode/resistor combination replacement,

offers an effective output impedance improvement of typically two orders of

magnitude, along with lower quiescent current and lower noise.


17/98

OPERATIONAL AMPLIFIER

TL074: The JFET-input operational amplifiers in the TL07_ series are designed as

low-noise versions of the TL08_series amplifiers with low input bias and offset

currents and fast slew rate. The low harmonic distortion and low noise make the

TL07_ series ideally suited for high-fidelity and audio preamplifier applications. Each

amplifier features JFET inputs (for high input impedance) coupled with bipolar output

stages integrated on a single monolithic chip. The C-suffix devices are characterized

for operation from 0 C to 70 C. The I-suffix devices are characterized for operation

from 40 C to 85 C. The M-suffix devices are characterized for operation over thefull military temperature range of 55 C to 125 C.

LM358: These devices consist of two independent, high-gain, frequency-

compensated operational amplifiers designed to operate from a single supply over a


18/98

wide range of voltages. The low supply-current drain is independent of the magnitude

of the supply voltage. Applications include transducer amplifiers, dc amplification

blocks, and all the conventional operational amplifier circuits that now can be more

easily implemented in single-supply-voltage systems.

LM386: The LM386 is a power amplifier designed for use in low voltage consumer

applications. The gain is internally set to 20 to keep external part count low, but the

addition of an external resistor and capacitor between pins 1 and 8 will increase the

gain to any value up to 200.The inputs are ground referenced while the output is

automatically biased to one half the supply voltage. The quiescent power drain is only

24 milliwatts when operating from a6 volt supply, making the LM386 ideal for

battery operation.

JAMMER HARDWARE


19/98

SQUARE WAVE GENERATOR

The principle of generation of square wave generator is to force an op-amp to

operate in the saturation region. The circuit shown below uses a comparator with both

positive and negative feedback to control its output voltage. Because the negative

feedback path uses a capacitor while the positive feedback path does not, however,

there is a time delay before the comparator is triggered to change state. As a result, the

circuit oscillates, or keeps changing state back and forth at a predictable rate.

Because no effort is made to limit the output voltage, it will switch from one extreme

to the other. If we assume it starts at -10 volts, then the voltage at the "+" input will be

set by R2 and R1 to a fixed voltage equal to -10R1/(R1 + R2) volts. This then becomes

the reference voltage for the comparator, and the output will remain unchanged until

the "-" input becomes more negative than this value.

But the "-" input is connected to a capacitor (C) which is gradually charging in a

negative direction through resistor Rf. Since C is charging towards -10 volts, but

the reference voltage at the "+" input is necessarily smaller than the -10 volt limit,

eventually the capacitor will charge to a voltage that exceeds the reference voltage.

When that happens, the circuit will immediately change state. The output will become

+10 volts and the reference voltage will abruptly become positive rather than


20/98

negative. Now the capacitor will charge towards +10 volts, and the other half of the

cycle will take place. The output frequency is given by the approximate equation:

Fout = 1/2RfC ln ((2R1/R2) +1)

In practice, circuit values are chosen such that R1 is approximately Rf/3, and R2 is in

the range of 2 to 10 times R1.

This circuit is also known as free-running oscillator or astable multivibrator.

INTEGRATOR

A circuit in which the output voltage waveform is the integral of the input

voltage waveform. A simple low pass circuit (RC) can work as integrator.

In the circuit shown, we have replaced the feedback resistor with a capacitor.

Therefore, any feedback current must be based on a change in output voltage. Asfeedback current flows, the capacitor will gain an electric charge, which will change

according to the cumulative effects of the output signal.

If the input voltage is zero, no input current will flow. Therefore no feedback current

can flow and the output voltage will remain constant. If the input voltage is non-zero,

the basic equation for the output voltage becomes


21/98

Vout = -Vin/RC + K,

where R is the input resistance in ohms, C is the feedback capacitance in farads, and

K is a fixed constant representing the accumulated voltage from the past.

If the input voltage is constantly changing, the output voltage at any instant will be the

integral of all past input voltage values. For example, a bipolar sine wave input will

actually produce another sine wave as its output, at a phase angle of 90 from the

input sine wave. Technically, the output will be a cosine wave.

A couple of factors are of interest with these circuits:

1. If the input is a constant positive dc voltage, the output will be a negativelinear ramp. There is no exponential factor in an op amp integrator. The

equation for the ramp will be

Vout = -Vint/RC

Where t is time in seconds.

2. In an analog computer, an initial condition can be applied as a startingvoltage on the capacitor, at the beginning of the integration process.

3. The integrator has an automatic and natural tendency to damp out any high-frequency noise that may appear in the input signal.

4. It is essential to avoid any long-term dc offset in the input voltage; if suchan offset is present, it will cause the output voltage to gradually shift toward

one extreme or the other, and stay there. In an analog computer, such an

offset problem is avoided by limiting the time during which the integration

process is allowed to continue. At the end of that time, the circuit is reset

back to its initial conditions before being allowed to repeat the operation.


22/98

BUFFER

It is a voltage follower (i.e.) it is a unity gain inverting amplifier. It has a very high

input resistance, because of which it reduces error caused by source loading and it

also isolates high impedance sources.

It has low input bias currents so that the input and the output voltages are

equal. These amplifiers have high slew rates. A coupling capacitor is used in series

with the input, in order to block the dc level.

The gain of the amplifier, and therefore the constant coefficient, is set by the input

and feedback resistors. The effective gain of the circuit is given by the equation :

= Rf/Rin

Therefore, the gain of this particular circuit is :

10k/10k =1

Thus, any voltage X applied to the input will be doubled by the amplifier, producing a

(negative) voltage Y at the output. If we must have the actual voltage Y, we can pass

the -Y signal through an op amp with its gain set at

-1. We could equally well invert the incoming X signal before applying it to the figure

to the right.

MIXER


23/98

It combines two input signals i.e. a radio frequency signal and a local

oscillator output to produce an output signal .

The frequency of the resultant signal contains both the sum and the difference

of the frequency components .

The mixer circuit then blocks the component with frequency equal to the sum

and allows only the difference frequency to pass through.

NOISE GENERATOR

The noise generator is just a standard 6.8 Volt Zener diode

.

Any Zener diode above or equal to 6.2 Volts will work in the noise generator, as

these Zener diodes have an "avalanche" region which generates a tremendous amount

of noise when properly biased.

VOLTAGE CONTROL OSCILLATOR

The Voltage Controlled Oscillator (VCO) is arguably the most important

component in a cellular phone jamming system. It is little four-terminal SMD device

(Power, Ground, RF Output, and Voltage Tune) which generates the required, low-

level RF output signal. Ideally, the VCO you choose should cover the frequency range

of the cellular base station's downlink frequencies (tower transmit) which needs to be

jammed.


24/98


25/98


26/98

RF SIGNAL JAMMER : OPERATION


27/98

It is a device to disrupt the reception of cellular phone system downlink frequencies.

This will prevent a cellular phone user from sending or receiving cellular phone calls

within the small jam radius.

The TL074 quad op-amp (U1) sweep generator of the cellular jammer exciter is based

around a few simple op-amp building blocks. First, op-amp U1a is configured as a

relaxation oscillator, or square wave generator. Basically, feedback resistor Rf

charges capacitor C until it reaches a voltage level set by resistors R1 and R2. The

op-amp then discharges, resulting a waveform which is a square wave. The above

values produce a frequency of approximately 19 kHz. Real world testing, however,

showed the frequency to vary between 17-18 kHz. A square wave is pretty useless in

a jamming circuit. Ideally, we want a ramp" or "triangle" waveform. When applied

to the voltage tune pin on an external Voltage Controlled Oscillator (VCO), the

resulting RF output will be "swept" across the entire tuning band. This is what is

needed for wideband jamming applications. In this particular circuit, op-amp U1b is

configured as an integrator, or as a Triangle wave generator. The resistor (R4) and

capacitor (C2)in the integrator op-amp's feedback network form a RC time constant

which is used to convert the incoming square wave into a triangle wave . The

feedback resistor (R4) should be approximately 10 times the input resistor (R3) . A

feedback capacitor value of 2200 pF was found to output the cleanest triangle

waveform with minimum signal attenuation. Op-amp U1c is configured as a buffer

(gain = 1). This helps to isolate the oscillator network from the rest of the circuits.

The series 0.1 F capacitors remove any DC bias voltage which may be present on

the op-amps outputs. The LM386-1 audio amplifier acts as a natural band-pass filter

and small-signal amplifier. The noise jamming signal is then mixed with the triangle

wave input. This will help in masking the jamming transmission, making it look like

random "noise" to an outside observer. Without the noise generator, the jamming

signal is just a sweeping, unmodulated Continuous Wave (CW) RF carrier. The final

op-amp, U1d, is configured as a summing amplifier (gain = 1), otherwise known as a

mixer. The output of a summing amplifier is the sum of the input voltages. The sum

of these input voltages should not exceed the +9 VDC of the TL074's positive voltage

rail. The input to this mixer is a triangle wave and a random "noise" signal. These

signals are mixed to form a new, "noisy" triangle waveform. When applied to the

VCO, the resulting RF signal will "sweep" across the cellular downlink frequencies,


28/98

and will be Frequency Modulated (FM) with the noise signal. This noise modulation

helps to increase the jammer's effectiveness. Another thing this op-amp performs is to

provide a DC offset for the VCO's voltage tune pin. What this does is give the

triangle wave a positive DC voltage offset to help "center" the triangle wave within

the required frequency range.

V-F values for CVCO55CL

Voltage Tune (+ Volts DC) Frequency Output (MHz)

0 790

1 810

2 830

3 850

4 870

5 890

6 910

.


29/98

SNIFFER HARDWARE

DETECTOR

The sniffer circuit uses BAT 45 diodes which are schottky diodes suitable for the

above application as it has good high frequency characteristics. The sensitivity of this

circuit is dependant on these diodes.

RESONANT CIRCUIT

The inductors L1 and L2 form a resonant circuit along with the antennae. These

inductors can be wound by using a copper enameled (30-24 SWG) wire. The number

of wounds needs to be tested for resonance. Here we use around ten turns.

AMPLIFIER

The amplifier circuit consists of LM358 a low power dual audio amplifier. The input

signal which is a sort of a noise is amplified in this stage before the output stage. This

amplifier operates in class A mode i.e. it gives low distortion even at high input

signal.

AUDIO JACK AND HEADPHONES

The audio jack is used to get the output from the amplifier stage and give it to the

headphones. The audio jack used here is similar to that used in any walkman. The

headphones are for the user to listen to the output.

SNIFFER : BLOCK DIAGRAM


30/98

RF SNIFFER: OPERATION

A cell phone while in use emits characteristic RF pulses. These pulses can be detected

and they indicate the presence of a cell phone either making or receiving a call, or

sending or receiving a message. The main component of the sniffer is the detector


31/98

diode. These diodes, as the name suggests, detects the RF pulses emitted by the

phone.

Detecting these pulses are not difficult, all that is required are a small aerial, a diode

detector and an amplifier. An improvement of this will be to use two sets of

directional antennae offset by 90 and feed the amplified diode output to a stereo

headset to produce a directional detector.

When the sniffer detects cell phone activity (either voice or text), noise is heard in the

earphones. If the noise in the right earphone is louder, the active mobile phone is to

the right of the detector and if the noise in the left earphone is louder, the active cell

phone is to the left of the sniffer.

The volume of noise is dependent on the proximity of the cell phone and the strength

of the signal.

The arrangement of antennae works rather like a persons ears and gives the user

spatial awareness of the transmitter directly.

SNIFFER CIRCUIT


32/98

INTERFACE

The interface unit consists of a rectifier unit. The input to the rectifier unit is the noise

signal from the sniffer unit. The output from the rectifier unit is added with a constant

DC signal. This acts like an input to the amplifier stage. The amplifier used here is

Lm741.The gain of the amplifier is adjusted such that it gives a DC signal of 5 volts


33/98

which acts like a gate trigger for the SCR. Once the SCR is triggered it automatically

switches on the jammer.

The sensitivity of the interface i.e. the response

of the jammer to the presence of any cell phone or RF activity can be fine tuned by

adjusting the gain of the amplifier stage.

Chapter 3 ANALYSES and SIMULATION

ANALYSIS AND SIMULATION

ANALYSIS OF SNIFFER

DETECTOR DIODEDetectors make use of the nonlinear characteristics of a

solid-state device to bring about frequency conversion

of an input signal. The more nonlinear the devices I-V

characteristics are, the more efficient the detection

process will be, i.e. a higher percentage of the signal

power at input frequency will be converted into signal

power at the output frequency.

The most common non-linear devices at microwave and RF frequencies are diodes.

Transistors can also be used.

The three basic types of signal frequency conversion circuits are:

A rectifier A detector A mixer

A rectifier is a circuit that converts the RF signal into a zero frequency signal (a DC

signal) with time and frequency domain signals as shown.

A detector (also called a demodulator) is a circuit that demodulates a modulated

carrier wave by discarding the carrier wave and outputting the modulating signal


34/98

RESPONSE OF A RECTIFIER IN TIME AND FREQUENCY DOMAINS

A rectifier is a special case of a detector where proper filtering is used at the output to

reject all frequencies except for the DC component.

TYPICAL DIODE RECTIFIER

RESPONSE OF A DETECTOR IN TIME AND


35/98

FREQUENCY DOMAINS

GENERAL DIAGRAM OF A DETECTOR

SMALL-SIGNAL ANALYSIS OF A DIODE

In general, a diode can be considered to be a non-linear

resistor with its I-V characteristic curve mathematically

given by


36/98

I (V) =Is (eV/nVt 1) (1)

Vt =KT/q (Vt=25mV at T=293K)

Is=diode saturation current

n =ideality factor (1n2) depending on the material and physical structure

of diode.

The characteristics of a diode are as shown below.

To perform a small-signal analysis, we assume that the total voltage across the diode

(V) is composed of a DC bias voltage(Vo) and a small signal RF voltage(v).

V = Vo+ v (2)


37/98

Substituting equation 2 in equation 1 and performing a

Taylor series expansion around the Q-point (Io,Vo ) ,we

get

I = I (Vo+v)= I (Vo) + v dI/dv.Vo vo + (1/2)v

2.d2I/dv2vo + (3)

where I(Vo) is the DC bias current given by:

Io= Is(eVo/nVt 1) (4)

The first order derivative corresponds to the dynamic conductance of the diode Gd(the

inverse of the junction resistance Rj0 and is given by:

Gd = 1/Rj = dI/dvvo

=(Is/nVt) eVo/nV

t

=(Io + Is)/(nVt) (5)

The second order derivative is given by

d2I/dv

2vo =dGd/dv

= G

d

= [Is/(nVt)2] eVo/nVt (6)

G

d = (Is +I0)/(nVt)2

= Gd/(nVt)

Eqn 3 can now be written as a DC current (I0) and AC small signal current

i(v) = I0 + i (7)

Where

i = vGd +1/2(v2G

d)+.. (8)

The three term approximation for the diode current (eqn 7) is known as the small

signal approximation or small signals, the higher order terms for I (above the second

order) may be truncated without much loss of accuracy.

UNMODULATED SIGNAL

The diode converts a portion of the input RF energy to a DC current that is

proportional to the input RF power. The type of detector circuit that uses an

unmodulated RF signal and converts it into a Dc output signal may also be referred to


38/98

as a rectifier. Assume that the diode is biased at a Q-point(Io,Vo) with an applied input

small signal RF voltage (v) having a frequency o and amplitude vm given by

v(t) = vmcos(ot) (9)

From eqns 7 and 8, the total current is composed of a Dc bias and an AC current

given by

I = I0 + i (10)

where

i =Gd vm cos(ot) +1/2[G

d vm2

cos2(ot)] (11)

Using the identity

cos2(ot) = [1 + cos(2ot)]/2

we get

i = vm2

G

d/4 + vm Gd cos( ot) + vm2

G

d cos(2 ot)/4 (12)

Thus,the total DC current is given by:

IDC = Io+ vm2

G

d/4 (13)

If the output RF signals of frequency o ,2o,and other higher order harmonics are

filtered out using a simple low-pass filter, the remaining output term will be

composed of the bias current Io and a term equal to vm2

G

d /4.The DC rectified

current is proportional to vm2,which is the input RF power.

ANALYSIS OF JAMMER



39/98

The capacitor charges between the values Vsat and Vsat . This determinesfrequency.

The voltage across capacitor is

Vc (t)=Vf+(Vi-Vf)e^-(t/RC)

Where

Vf= Vsat

Vi=-Vsat

T1 is the time constant at which voltage across capacitor reaches +Vsat and switching

takes place

Vc(t1)=Vsat - Vsat (1+)e^-(t1 /RC )

T1=RC ln (1+)/(1-)

And t = total time period

T= 2RC ln (1+ )/(1- )

F=1/t

The theoretical frequency is 16-20 kHz for the circuit we get


40/98

F= 1/(2RC ln (2R1+R2/R2)

The Rfvalue is fixed such that the gain is reduced

It is an inverting opamp.Hence

gain = - Rf/ R1

=-10/3.3

= -3 (approx)

Also at higher frequencies the effect of stray capacitance to the ground becomes more

pronounced. Hence the value of Cfchosen is low its .01F

The output waveform is not exactly symmetrical. Hence R1 is not equal to 1.16 times

R2. In this case R1 is 8R2.

This output a square wave pulse is given as input to the integrator.

INTEGRATOR

The amplitude of the wave is

+Vramp = - R2/R3 *Vsat

Where Vsat = Vcc


41/98

Here peak to peak amplitude is 40V so considering one half

20= - R2/ R3*Vsat

R2/ R3= 1.33

R3=10k

Hence R2 = 6.6k

Used here is a 10k multiturn pot

The break frequency is Fa = .723 kHz calculated from formula

Fa = 1/(2*Rf*Cf)

=1/ (2*3.14*10^4*(2200*10^-12))

=.723 kHz

At this frequency the gain is down by three decibels from its value of Rf/ R1

Gain = (.707*( Rf/ R1))

= .707*(100k/10k)

=7.07 (approx 10)

Now

G = 1/ ( R1Cf)

=1/(2*3.14*19*10^3*(10^4)*(2200*10^-12))

=0.378

at break frequency

G= .378 *(19*10^3)/(.723*10^3)

=10(approx)

Hence the circuit values are correct.

BUFFER

The buffer is just a unity gain amplifier with


42/98

Gain = -Rf/R1(Vin)

=-10k/10k*(20V)

=20

SIMULATION:

JAMMER CIRCUIT


43/98


44/98

SIMULATION RESULTS :


INTEGRATOR:


45/98

BUFFER :


46/98


47/98

NOISE GENERATOR:


48/98

MIXER:


49/98

Chapter 4 APPLICATIONS

MOBILE SNIFFER AND JAMMER: APPLICATIONS

Cellular phones though equipped with enough potential to change the way we live can

turn into major irritants or security threats. The cell phone jammers emit the same low

frequency radio signals as cell phones neutralizing each others signal.

A sniffer is used to detect sources of radio frequency in the vicinity. It is used to

detect when a cell phone is being used in the vicinity.

The utility of the above mentioned devices can be found at these places where these

detectors and jammers can be implemented.

SILENT ZONES: Hotels, Libraries, Training Classrooms, Medical centers and

Cinema Halls come under this classification. Its difficult to ask cell phone users to

switch off their phones. People tend to ignore instructions. Jammers can prove to be

very effective in such cases and eliminate awkward interaction. But it is essential to

have a prominent display to inform people that such devices are in use.

SECURITY: The utility of the sniffer and jammer for the security aspect pertains to

industrial espionage e.g. Use of cell phones SMS service to get information outside

the board room. Also the sniffer can be used to check the use of cell phone activity

and to find the culprit.

EQUIPMENT PROTECTION: Certain electronic equipment can be sensitive to RF

interference as in case of medical instruments.Sniffer systems can be used to detect

the presence of and RF activity and steps can be taken to annule its effect.

QUALITY INSPECTION: Some of the electronic devices eg microwave

oven,television,computers,cordless phones need to be checked for any unwanted RF


50/98

leaks. Also the RF power dissipated should be within specified limits such that they

dont harm the user.

The above mentioned utilities are to name a few. The applications of these devices are

widespread but mostly it finds its utility in military applications. The use of these

devices is not only restricted for surveillance but in controlled conditions can be used

for civilian applications as well. The use of jammers is banned in certain countries

because it itself poses a threat to security. Sniffer on the other hand can be used for

inspection purposes.

Chapter 5 COST EVALUATION and FURTHER DEVELOPMENTS

COST EVALUATION AND FURTHER DEVELOPMENTS

COSTING:

The approximate project cost estimate is around four thousand seven hundred. A

detailed cost list is given along with the list of components. The other costs involved

were for the printed circuit boards fabrication and designing which costed around one

thousand. Some amount of money was also involved for initial research work for the

project also for a few unsuccessful attempts. The basic cost of the project was

enhanced as we had to import one of the main components from abroad as it was not

available here.

FURTHER DEVELOPMENTS

The project was an attempt to build a mobile sniffer and jammer.Through the course

of the project, certain shortcomings were found and certain alternative ideas were

thought, which are discussed below.


51/98

The range and sensitivity of the sniffer and jammer was limited due to the useof discrete components but could have been improved by the use of special RF

IC and by using machine soldering for the components.

The sniffer output was an audio signal which has to be judged manually. Thejudgment of the directionality and range was dependant on the user. This

could have been improvised by the use of neural networks.

The utility of the jammer was restricted to the 805-900 MHz band. Thisrestriction could be removed by the use of a different voltage control oscillator

with a wider range.

The range of the jammer could be improved by the use of a RF poweramplifier stage and by increasing the RF power output the efficiency of the

jammer can be improved.

SIMULATION

JAMMER CIRCUIT


52/98


53/98


54/98


55/98


56/98


57/98


58/98


59/98


60/98


61/98


62/98


63/98


64/98


65/98


66/98


67/98


68/98


69/98


70/98


71/98


72/98


73/98


74/98


75/98


76/98


77/98


78/98


79/98


80/98


81/98


82/98


83/98


84/98


85/98


86/98


87/98


88/98


89/98


90/98


91/98


92/98


93/98


94/98


95/98

APPENDIX


96/98


97/98


98/98

REFERENCES

1. Essential Guide to RF and Wireless by Carl .J.Weiszman,Pearson Education, 2001.

2. RF Circuit Design Theory and Applications byReinhold Ludwig and Pavel Bretchko,Pearson Education, 2001.

3. Linear Integrated Circuits by D.Roy Choudhary, Shail B.Jain,New Age India Publishers, Third Edition, 2003.

4. Radio Frequency and Microwave byMathew M. Radmanesh,Pearson Education Asia.

5. Op-amps and Linear Integrated Circuit Technology byR.A.Gayakwad,Prentice Hall of India,Fourth edition, 2003.

6. Mobile and Personal communication Systems and Services byRaj Pandya, IEEE Press, PHI, 2001.

7. Electronic Circuit Analysis and Design by Paul Neaman,Mc Graw Hill International, Second Edition.

Internet :

www.microwaverf.com

www.mwrf.com

www.mouser.com

jam mobile

Documents