An Interesting, SECURE, Comm's Device, for your CN-AoO

Discussion in 'Blogs' started by BTPost, Feb 17, 2011.

  1. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    iDen/ISM Cellphones with the MotoTalk/DirecTalk Option, (MOTO Talk - Wikipedia, the free encyclopedia) are a cheap and simple Comms device for the CN AoF. (Close Neighborhood Area of Operation 3-5 miles) These units were originally Marketed by Motorola to Nextel/Sprint/Boost Mobile, for Construction Companies, large Warehouses, and outfits that needed both Cellular Service, AND WalkieTalkie like comms, for local communications, in one unit. By doing this, they could keep the local comms OFF-Network, (No CellService required) and still allow the Cellular Service for comms, external to the local site. This advantage also gives the Cellular Network less network traffic, by keeping local comms, only local. Motorola picked the ISM Band, (Industrial, Scientific, Medical Band) in the 902-928 Mhz spectrum, for the Off-Network stuff because it is just above the Cellular Band at 800-900 Mhz, and the same Hardware could be programed to do both services. The ISM Band use by these devices is an unLicensed Use allowed under FCC Rules in CFR47Part 15. This same band is also used by the Military as the Primary User and the Amateur Radio Service as a Secondary User, and these are Licensed Radio Services. The Military by Executive Order, and the Amateur Radio Service by CFR47Part 97. As such, and ISM Users are NOT protected from interference, and must give protection to any Licensed Radio Service, where interference can be shown. ISM Users are limited to 1 Watt Tx RF Power, where the Amateur Radio Service is limited to 10w Tx RF Power and the Military has no Power Limit. Ok, That covers the Frequencies, and Licensing requirements for this spectrum, and who can, and and can not, complain about interference while using this spectrum space. Actually there are very few users in this spectrum, in either of the Licensed Radio Services, so this is really a NON-Issue, 99% of the time. Lets talk a bit about the Hardware. These are limited to 1 Watt Tx Power, so they are basically the SAME Tx Power, as the much more familiar FRS Radio Service units. Range will be very similar to the Unit to Unit ranges found in the FRS Radio units. There is a BIG technology difference between the iDen/ISM units and the FRS Units, in that the FRS units are just FM TwoWay Analog Radios, that can be picked up on ANY UHF Scanner and listened to, whereas the iDen/ISM Units are TOTALLY Digital in nature, because they are first, and foremost, Digital Cellphones, and when using the ISM Band, they use the same Hardware, for transmitting, and receiving. This means that ONLY a Digital Receiver, (Very High-end, and Expensive) programmed for the specific Frequency and Spreading Code, will be able to receive these signals. The design of these units allows for ISM Band to be divided into 10 chunks, or channels. Then the audio is digitized, and added to the selected Spreading Code, that then spreads the resulting RF, over the entire Channel Frequency chunk, making it very hard to even see on a Spectrum Analyzer. This is the instrument that Big Brother uses to find Comms, of Bad Guys, in the field. What we have here, then, is effectively, a cheap, small, portable, Comms device that uses Spread Spectrum Technology, to stay hidden, while in operation, from the normal snooping, and scanning, technology used by of 99% of the world. There is another feature of these Units, that for Private, Secure, Unit to Unit Comms, there is a PDN Code, (Ten Numerical Digits) that each unit has programmed in, that can be used, instead of the the regular Spreading Code. When in this mode, only these two units can hear, and communicate, with each other, because no other units will have the same PDN Code. Therefore it makes for a VERY Secure Comms System for CN AoO comms. This is as good of Comms Security that one can get, in the civilian world, without spending thousands of FRNs per unit. There are other Options, built-in to these cute little units, that also have some possibilities for use by knowledgable folks. Some have GPS chips in them that can be turned On and Off, using the UI (User Interface) of the unit. Some of them have BlueTooth technology built-in and can use that for Remote Audio to BlueTooth EarPieces. There are a few Monkeys that have been helping with the Operational Testing of these in the field, that also have some hacking and programming expertise. We are looking into the possibilities of hacking the firmware, to allow computer to computer digital comms, between two computers that are connected, each to a unit, via USB cables. This could add a whole new level of encryption, and security, to local comms. This function is allowed in the Cellular Mode, and is called "Tethering" We are exploring if this can de done, or can be hacked, for our purposes, in the MotoTalk/DirecTalk Mode. As it turns out, the External Antenna Port has proven to be non-functional in Mototalk Mode. I haven't looked into the internal Issues that cause this, but intend to get to the bottom of the issue in the future. So for now, the possibilities of installing a High Gain Base Antenna, and an external Tx Powder Amplifier are not in the immediate Cards.

    The i355 Motorola units have been going on eBay, in the price range of $10US - $15US each, with charger and Simm Card. We have learned, and VERIFIED, that a Simm Card is NOT REQUIRED, to use these in Group, or Squad Comms Mode. The Key Sequence to Boot the phone into this mode is: (Note: This only works IF you have NO Network Signals at your location. If you HAVE Network Signals, you will be calling their Help Line)

    1. Turn ON the Phone with the ON Button. the phone will show "No Sim"
    2. Dial "911" or "112" and then hit the the Green Call Key. Then Hit the Hangup Key.
    3. Dial "112" or "911" and hit the Green Call Key
    The unit will then Boot into DirecTalk Group, or Squad Comms Mode, with the ability to edit the Channel and Spreading Code setup, just like regular mode. There is one ISSUE, when booted in this Mode. The Private Unit to Unit Mode is no longer available, as there is no Sim, and this is where the Contact List, and the Private 10 Digit Number, (DT ID) is stored. If a Simm Card is installed, they do NOT REQUIRE that the Simm Card have an Active Account, or any Cellular Service Contract, OR Cellular Network, to be operational in the MotoTalk/DirecTalk Mode. So if you are looking to pickup, some of these, from eBay, and want the FULL Operational abilities, make SURE that a Simm Card is included, or that you HAVE a source, for a Simm Card, for each unit you get. We NOW have a Simm Card Programmer, which now may allow us to make our own Simm Cards, and to clone other Simm Cards, which will alleviate the need to have a Simm Card in a purchased Unit. I haven't had much luck with the Simm Card Programmer, as the software all runs on WinDoz, and I run a Mac Shop, but I am still working out the issues and hope to have them resolved in the near future.

    MOTO Talk is available on these Motorola iDEN models:
    r765 / r765is
    i560 Testing and works
    i355 Tested and works

    Also it has been brought to my attention that TriSquare Electronics Corp. makes similar ISM "ONLY" Radios that use the SAME Technology, and likely the same chipset, as the Motorola Units above. TriSquare claims 6 miles Range, but I think that is Product Hype, in that these are ALL CFR47Part 15 Devices and therefore limited to 1 Watt Tx Power, and built-in Antennas. TriSquare Units do NOT have an External Antenna Jack, and therefor can NOT use an External Antenna to extend Range. It is also noted, that the TriSquare Unit, I reviewed, (TSX-300) did have a Digital Messaging feature that the Motorola units do NOT have in their MotoTalk/DirecTalk Mode. I had a chat with the TriSquare Engineering Group to see if they had any interest, in extending the Digital Messaging feature, for Digital File Transfers, and or computer to computer exchanges. they were very noncommittal, but did show some interest, for that in a subsequent model, maybe.

    We now have some REAL World useful Range Data to report. In suburban areas with Buildings we have been getting 2+ Miles, using just the units themselves, with the Built-in Antennas. This also included some Inside Building to Inside Building comms, that have windows to the outside. In windowless Building environments, were are seeing ranges of .5 Miles. I would expect that it is somewhat better when both units are outside. In flat terrain with Mostly trees, we have been consistently getting 3-5 Miles ranges with solid comms. I have received a total of 14 units, and have put a five pairs out for testing in the Real World. Locally in the alaskan woods we are seeing about 2.5 miles range thru the trees. This is reduced to 1.5 miles if the trees are Wet, and uneven terrain, and 5+ miles over water, with just built-in antennas.

    I now have done a deconstruction, of a Motorola i355, and understand much more about the innards of these units. I can now remove the Built-in OEM Pull-up Antenna, and install the High Gain fixed aftermarket Antenna, which promises to extend the unit to unit range in Mototalk Mode. The procedure is to use a pair of Needle Nosed Pliers, and grab the thin rubber bushing just under the Pull-up Antenna, that is just inside the Plastic Case, and rotate it, counter-clockwise, about four turns. This unscrews the OEM Antenna from the phone, and once removed, allows you to screw in the Extended Range Antenna being sold on eBay. Oh, and another NOTE, here: When using the OEM Pull-up Antenna, it either has to be all the way UP, or all the way DOWN, to connect to the phone, as there are metal tabs that do these connections at the Top, and Bottom, but NOT, in the the middle, so be aware of that. I have now received 5 each of the Extended Range Antennas, for my local Units. These are available on eBay for around $8US each. We now have some Good REAL World Data on this modification. It looks very promising. I have experienced a 25% increase in Range, over the OEM Antennas, when they are in the "ALL the Way pulled Out" condition, and a 50% Range increase with the OEM Antenna, in the "Completely Collapsed" condition.

    I have now tested out the single unit to single unit, Privacy Mode of these Phones. You enter this, one to one Privacy Mode, by having both units on the SAME CHANNEL, and then before you press the PTT Switch you enter the 10 numeric digit Privacy code for the Unit you want to have a Private Conversation with. When the receiving Unit sees its PDN (Private Digital Number) as the spreading code it then goes to into Private Receive Mode and issues a Receive Beep and vibrate if those parameters are setup. When it is done receiving, that Unit remembers the Private Number of the Sending Unit, and if you transmit within a short window of time it uses the original Transmitters Private Number as it's spreading code and you then have a Private Conversation. The PDN for a Unit, is setup, in the "My Info" UI and can be edited to anything that a Users needs. You need to input a NAME, on the Name Line, and a 10 digit numeric Number on the Line 1 Line, and the Mobile Line, if you are using the Motorola Phonebook Modification Utility, to edit and load your Contact List. This number is the PDN that any other User would input in their Unit, to initiate a Private Unit to Unit conversation. Momma and I are using our Cellphone Numbers, for now, simply because we already have those memorized, but any number can be used. Once a Private conversation is finished the UI asks if you would like to store that Contact Information in your Units Contact List. If you choose to do this, then you would just have to select that Contact from your Contact List before pressing the PTT to start a new Private Conversation. Also understand, that once you have finished a Private Conversation, your Unit will revert back to the originally setup Spreading Code, that was programmed before you entered the other Units Private Number. So, NO user intervention is required, to bring you back on the Group Channel, and Spreading Code, for your local Group.

    I have now tested out the remote audio EarBud/Mic with external PTT Switch that is available on eBay for around $8US, and found them to be 100% operational in the Mototalk Mode.This allows semi-silent Operations, and High Ambient local Noise Operations, for these SECURE local AoO comm Units.

    One of our Monkey Friends, has graciously sent me three of the i560 Motorola Units, for testing. These are a FlipPhone version of the i355, with DirecTalk capability, JUST LIKE the i355 Motorola Units. The i560 uses the SAME Chargers as the i355s, and also the SAME EarBud/Mic with External PTT switch has been tested, and is KNOWN to work, as well. I have NOT conducted and Extended Range testing yet, but the i560 does have an OEM PullUp Antenna similar to the OEM PullUp Antenna of the i355 Units, and seems to be of the, either ALL the way UP, or ALL the way Down, for operation, type as the i355s have. On preliminary Inspection, there does NOT seem to be ANY External Antenna Port, or a way to replace the OEM Antenna with a High Gain, or Extended Range Antenna, as the i355 has, but that is just after a preliminary look. I found that the unit will Receive and Transmit in DirecTalk Mode in either the Open or Closed condition. This means that these would make a dandy Stealth Squad Comms Unit for Local AoO, when matched with a Remote Audio EarBud/Mic/PTT, and carried on a Head, or Shoulder Carried mounting with One EarBud in, and the PTT wire, run down the inside sleeve, with the switch at your Hand, along with the other EarBud used as the Mic. The version of Remote Audio Setup that I have seems to work, in this fashion, and leaving one ear open to the Terrain, is prudent OPSec Patrol Operations. Having the unit on a Head, or Shoulder Mount, with the OEM Antenna in locked in the UP Position with a drop of glue, would Maximize the Antennas availability and Range, for Operations. All the features and controls for the i560s seem to be the same as the i355s, except the i560s have two push buttons on the Top of the units, the I have NOT Identified, as of yet. The firmware and Tools provided by Motorola seem to all work the same, as well. I would say that they run the same firmware in in both, and speculate that it is the same, or very similar, thru the whole Family of iDEN/ISM Motorola Units. As more REAL World Range and Operational Data comes in from our Testers, on the i560s, I will update this section, so keep a lookout if you are interested, or have some of these.

    The FCC has changed the rules regarding the way in which radio amateurs can use Spread Spectrum technology. In its Report and Order released March 4th, 2011, the regulatory agency has eliminated the requirement that amateur stations transmitting Spread Spectrum to use Automatic Power Control or APC to reduce transmitter power. At the same time, the Commission has reduced the maximum power of a Spread Spectrum emission from 100 to 10 watts PEP. The changes are to Sections 97.311 and 97.313 of the Commission's Rules. This all will become effective 30 days after the Report and Order is published in the Federal Register. (FCC)
    This then means after April 4, 2011, Hams would be able to boost Tx Power to 10 Watts, from 1 Watt for these units, which is a 10 fold increase in Tx Power, and should produce a 3X range increase on flat terrain.

    Nextel Connector Pinout

    1. Ground
    2. NC
    3. Charge Voltage ( will charge with voltage >3.3v, 5 V works)
    4. Tx
    5. Rx
    6. RTS
    7. Power Provided by the phone to external Devices
    8. CTS
    9. DCD
    10. RE
    11. DTR
    12. DSR
    13. Serial Enable Not
    14. NC (probably mic, headphone, or ptt)
    15. NC (probably mic, headphone, or ptt)
    16. NC (probably mic, headphone, or ptt)
    17. Ground

    I will add to this blog, as Testing Data comes in, and is forwarded to "Me", by our Monkey Friends. so, if this is of interest to you, then check back..... Last edited on 3/13/14 To add the connector Pinout on the bottom of the Units.
    Last edited: Mar 13, 2014
    BenP, enloopious, Bandit99 and 8 others like this.
  2. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I think I would rely upon some TA-1 PT types of coms in the AO, and run standard GMRS for extended ops on the move. I have some Tri-Square radios with freq hop and they work really well with lithium rechargeable batteries.

    The iDen phones appear to be awesome.
    I am definitely interested.
  3. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    After your PM, I have to say that I am very interested in finding out more...especially with the added antenna range possibility and the freq. range security.

    Will these work without a chip in them at all?
  4. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Great updates! Thank you!
  5. Dunbar

    Dunbar Monkey++

    Thanks for the info BT, I will look into these units. They will be much better than an open 2 meter, for wife and I. We have a max 6 mile clear terrain separation.
  6. Gafarmboy

    Gafarmboy Monkey+++

    As a hard core Comm Rock (Just do not Get This Stuff) Thank you for breaking it down into English so that even I can grasp what you are talking about.
    Thanks a million.[respect]
    franks71vw likes this.
  7. Hazmat54

    Hazmat54 Monkey+++

    If I understand this correctly, no sim card is needed for the walkie/talkie function to work? I just ordered 2 of the 560's off of ebay. Neither has a sim card.
    franks71vw likes this.
  8. tulianr

    tulianr Don Quixote de la Monkey

    Mine also came without sim cards, and I had to buy sim cards for them (no great expense though) before they would work.
  9. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    These Phones WILL operated without Simm Cards in Squad Comms Mode.... HOWEVER, you do need at least ONE Simm Card to be installed, ONE Time, in each Unit, because one is REQUIRED, to setup the Unit, so that the Unit Boots into DirecTalk Mode, upon Bootup. If ANY Monkey needs a Simm Card to setup their Phones, I bought two dozen, and will send one out, to anyone who needs ONE.... ...... PM Me, if you find yourself in need, of this service.....
  10. MichaelC

    MichaelC Monkey

    Help! Noobie here would be super appreciative for any help. I purchased two used Motorola i576 phones. The motorola help line tells me they can't be used as walki talkies without a service plan. Is this true? If not, what is the first step in getting them to talk to each other. The phones say nextel on the back. Do I need to get blank nextel SIM card? When I dial the other phone's 10 digit number (128*1591*870) and press the Direct Talk button (on left), it results in a "Service Restricted" message. Please tell me what I am missing here because it sounds like a great idea to use these phones as walkie talkies. Thank you in advance.
  11. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    You must have the phone in DirecTalk Mode FIRST, otherwise you will NOT be using the ISM Frequency Band, but using the Cellular Band, which does require a Service Plan.... Do you have a Nextel SIMM ?
  12. MichaelC

    MichaelC Monkey

    Thanks for taking the time BTPost. Yes I do (the old ones that came with these second hand phones. Seems like they were part of a school system setup FWIW). I have the other phones 10 digit number as the only contact and when I "call " it by pressing the PTT buttons it now says "Service Not Available" even being in the DirecTalk mode. What would my next step be?
  13. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Not sure... I only have used i355s and i560s.... I could send you one of my preprogrammed SIMM Cards... And see if that changes the way things work...

    On my phones, they boot up in DirecTalk Mode, and are set to Ch5 Code5 then you use the the PTT to transmit and release it to Receive. Have you set up the Channel and Code in DirecTalk Mode?
    AmericanRedoubt1776 likes this.
  14. MichaelC

    MichaelC Monkey

    Wow. Finally got it to work! Thanks for your help. I don't think I had it in DirecTalk mode before. I am sooo happy. I spent 20 on the phone with Motorola today-they told me it couldn't be done without activating service. Then I spent 20 min with Sprint on the phone telling me it can't be're a genius! Doing the impossible ;). I'm glad I persisted. These thing work great! Thanks again for taking the time to help
  15. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Great...Glad you got them working... Send me you Field Test Data when you get them out in the field, so I can add it to the Knowledge Base here on the Monkey...
  16. franks71vw

    franks71vw Monkey+++

    Purchasing 2 and trying this out, great info, looking for single ear bud PTT switch. Question would any simm card do or must be a reprogrammed one?
  17. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Any Nextel/iDen/ISM Simm Card will do... If you need one for testing, and Setup, I have a cache of them, and can send you one, to get you going....
    AmericanRedoubt1776 likes this.
  18. Chap

    Chap Monkey

    BTPost, I am a little lost.
    When I read the direction in your inital post it said that, the unit should not have a sim card. But later you say that you need one to program it at least the very first time.
    What am I missing? Do I need it in?
    Also where I live I have cell signal, is there anyway around this so I can program them?

    Thanks in advance sorry to be so dense.
  19. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    You MUST have a SIMM card installed to get the unit into Setup Mode. This SIMM card does NOT need to be on an active Account. Once the unit has been Setup properly, the SIMM card CAN BE removed, and used to Setup another unit, as long a the first unit is used in Squad Comms Mode, and NOT in Private to Private Mode. That Mode REQUIRES that a SIMM card be in each unit, because the SIMM card is where the Private Ten Digit Number is Stored. This number is used as the Spreading Code in Private to Private Comms, where the 1 - 15 Code is selected and used in Squad Comms Mode.
    ditch witch likes this.
  20. goinpostal

    goinpostal Monkey+++

    For another option to the Nextel mobiles,do a search for"Sanyo spread spectrum cordless phones".

    Though the range was only about 1mi.,they were as secure and had about the same functionality.

  1. DKR
  2. William Warren
  3. bumpshadow
  4. hitchcock4
  5. DKR
  6. Garand69
  7. Bandit99
  8. BTPost
  9. DKR
  10. BenP
  11. Hanzo
  12. Asia-Off-Grid
  13. Asia-Off-Grid
  14. ED GEiN
  15. ED GEiN
  16. BenP
  17. Idahoser
  18. hitchcock4
  19. Southbound
  20. BTPost
survivalmonkey SSL seal warrant canary