Obviously, with a mobile-based transmission (telephone to relay antenna, for example), the downlink (base to mobile) will be the easiest to jam because we are typically closer to the mobile than to the base. The opposite would involve:
- Jamming the uplink.
- Having a signal jammer more powerful than a mobile.
- Being very close to the base.
The signal jammer I’m talking about here has a power of about 100mW (20dBm) per band, whereas a mobile phone can go up to 250mW for the uplink and relay antennas up to a few watts for the downlink.
You can easily find the frequency assignment on Wikipedia:
- GSM 900 and 1800 (mobile phones)
- DECT (cordless telephones)
- UMTS (3G)
- Wireless
To simplify things even more, here are the frequency ranges that interest us and which can be jammed by the signal jammers presented:
- 920~960MHz, downlink GSM 900 (with GSM-R, for trains!)
- 1805~1880MHz, downlink GSM 1800
- 2120~2180MHz, 3G downlink
One range is usually not reached by these signal jammers but can be reached after adjustment of the GSM 1800 part: 1880~1900MHz, DECT.
The dismantling is rather simple: you have to remove the antennas and the 8 screws on the two plates; remember to remove the plastic piece of the push button and push the circuit from the top downwards; if it resists, pull it carefully from below using pliers.
If you happen to break the push button, know that a classic “subminiature switch” can replace it. If you had trouble pushing the circuit out of the box, consider filing its edges before reassembling it.
It might not be that great when you receive it; an instructable gives some info on how to tune it but doesn’t go into enough detail to get it right.
Let’s start with the principle of a simple jammer:
The jammer has to emit modulated noise over a range of frequencies. The simplest solution is to sweep from low to high frequency and start again, then modulate the deliberate “noise” by this frequency.
For this, the jammer uses three main components:
- A timer that provides regular peaks.
- A system (which varies between models) that generates a ramp signal from these peaks.
- A VCO (Voltage Controlled Oscillator) that provides a variable frequency, depending on the ramp.
The signal to be adjusted is the ramp-shaped one, which will control the VCO and therefore provide the desired frequency range. The precision of the shape does not matter but can make the VCO unstable; the amplitude and the offset are the determining factors.
A power supply and charging circuit, taking care of switching the 4.2V of the battery to 5V.
Ramp generators and a radio stage per antenna output (the VCOs are the silver rectangles).
Fortunately, the part that generates the ramps is lined with potentiometers.
In the space of a year, the changes made to the circuit are minimal: the VCOs have been changed, and the part markings on the integrated circuits are sometimes not erased.
A source of varied VCOs at reasonable prices: MiniCircuits
You can adjust these jammers using a spectrum analyzer, a DTT tuner dongle, and SDRSharp. I use an RF Explorer for better precision and a wider viewable band. The signal jammer simply emits noise over a band of frequencies, so the cell phone cannot distinguish good data from that noise.
The GSM frequency band for the downlink is between 935-960 MHz. There is no need to jam the uplink (which would be a lot harder!).
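Seen from the monitoring side, noise raised across a whole downlink band looks very different in a spectrum sweep from a few narrow carriers over a quiet floor. The following is an added example, not code from the original post: it checks a sweep against the downlink ranges listed above, and the thresholds, function names and sample data are assumptions constructed for illustration.

```python
import math
from statistics import median

# Downlink ranges listed on this page, in MHz.
DOWNLINK_BANDS = {
    "GSM 900": (920.0, 960.0),
    "GSM 1800": (1805.0, 1880.0),
    "3G": (2120.0, 2180.0),
}

def spectral_flatness(dbm_values):
    """Geometric mean / arithmetic mean of linear power.
    Close to 1 for flat noise, close to 0 for a few carriers over a quiet floor."""
    linear = [10 ** (p / 10.0) for p in dbm_values]
    geometric = math.exp(sum(math.log(x) for x in linear) / len(linear))
    return geometric / (sum(linear) / len(linear))

def detect_band_noise(sweep, clean_floor_dbm, rise_db=15.0, min_flatness=0.5, min_bins=8):
    """sweep: (freq_mhz, power_dbm) pairs. Thresholds are assumed starting values.
    Flags a band only if its median power rose AND the band looks noise-like."""
    findings = {}
    for name, (lo, hi) in DOWNLINK_BANDS.items():
        bins = [p for f, p in sweep if lo <= f <= hi]
        if len(bins) < min_bins:
            continue  # sweep does not cover this band well enough to judge
        rise = median(bins) - clean_floor_dbm
        flatness = spectral_flatness(bins)
        if rise >= rise_db and flatness >= min_flatness:
            findings[name] = {"rise_db": round(rise, 1), "flatness": round(flatness, 2)}
    return findings

def constructed_sweep(noisy_band=None):
    """Constructed sample data (not a real capture): 1 MHz bins, -100 dBm floor
    with ripple, five narrow carriers, optional raised noise over one band."""
    carriers = {935, 947, 1820, 1850, 2140}
    sweep = []
    for f in range(900, 2200):
        power = -55.0 if f in carriers else -100.0 + (f % 3)
        if noisy_band:
            lo, hi = DOWNLINK_BANDS[noisy_band]
            if lo <= f <= hi:
                power = max(power, -60.0 + (f % 4))
        sweep.append((float(f), power))
    return sweep

if __name__ == "__main__":
    print("clean:", detect_band_noise(constructed_sweep(), -100.0))
    print("noisy:", detect_band_noise(constructed_sweep("GSM 1800"), -100.0))
```

The clean floor value should come from a reference sweep taken at the same location with the same antenna, since the two thresholds only make sense relative to it.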