Hacked Sprint/Nextel is a secure walkie talkie

Posted on Sunday, February 27th, 2011 in documentation, hacks, RF by the machinegeek

Looking for a unique way of communicating at your hackerspace? Why not hack used Sprint/Nextel phones into free “off the grid”, relatively secure walkie talkies? Here’s a cool keyboard trick which reportedly works on Sprint/Nextel Motorola i315, i325 models and some other Motorola phones, which puts the phone into “Direct Talk” (a/k/a MOTOTalk) mode. This allows it to function as a walkie talkie without going through the cellular or Nextel “Direct Connect” networks.

A chart containing these little known keyboard sequences is available on the Sprint/Nextel site. There are ten user selectable channels and 15 sub-channel codes per channel. Users on the same channel/sub pair can monitor and communicate with other users on the same pair.

Direct Talk mode allows the phone to transmit directly to other (similarly enabled) phones within a short distance. It uses the 900 MHz ISM band and spread spectrum modulation, which is unable to be monitored by scanner radios. Nextel states the range as up to 6 miles, but given the low transmit power used by these devices it could be considerably less. It should work on any previously activated Sprint/Nextel handset which recognizes the Direct Talk feature, and since it’s marketed as working even where network service is not available it should work with phones not currently on a paid subscription. The phone must have a SIM card installed. Inexpensive used handsets are often available on Ebay and other sites, so give it a try!

NOTE: This is not a hack to get free cellular service or free “Direct Connect” network usage.

This entry was posted on Sunday, February 27th, 2011 at 7:00 pm and is filed under documentation, hacks, RF. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

9 Responses to “Hacked Sprint/Nextel is a secure walkie talkie”

  1. If you buy a scanner in China or any location other than the US of A the 900 Mhz band can be monitored just like any other. While technically illegal to do so in the US there are no technological limitations that limit monitoring in that band.

    • Tom says:

      Bert ..

      You can buy scanners in the US and monitor 900Mhz. It is not illegal, though it is illegal to disclose what you hear. However the Nextel phones use digital spread spectrum technology which you are NOT going to monitor with a regular scanner.

  2. SteveG says:

    These cannot be monitored on any type of scanner, it is a proprietary relatively secure digital spread spectrum mode used in the 902-928MHz ISM (shared with hams) in the US.

    You’d pretty much need another radio with the direct talk feature to listen in to the non-private virtual channels and if someone sets up a ‘private’ converstation keyed on dialed phone number you’re NOT going to be able to listen in on it period.

  3. SteveG says:

    This would be sooo coool if we could get it open sourced and run the baseband on a software radio board.

  4. Gabriel says:

    What’s the range like on these in “direct talk” mode??

  5. DJ says:

    I have actually found a way to scan for users in that mode.. I havn’t come across but maybe 2 convo’s in 3-4 years.. but I actually have heard those in use.. I also like scanning with the Motorola DSR radios.. you can hear some local security people that use those from time to time..

  6. EL says:

    DJ could you let us know how to put a nextel phone on scan mode? Thank you.

  7. Ken R says:

    I have a ton of moto talk capable phones I had planned on using for semi secure 2ways but now that Sprint effectively killed Nextel and some government agencies have taken over parts of the system one that comes to mind is the SC Palmetto 800, batterys are getting hard to find for these radios. I will never give my units away or sell them at unless the price is right! You never know what the future holds??? If the internet ever goes down due to a terrorist event it might be the first only way to communicate? Kinda like a PTT pony express relaying messages until they get to their destination. Makes you wonder why company’s have been allowed to kill conventional communication? They could hold the world hostage by acting as a toll keeper to allow anything to move this includes money

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • Max: Hey, good job quoting as an abstract something the author writes about someone else's project... For the record, I do appreciate the proper attention to...
  • imqqmi: Also interesting to note that arduino's use the DTR signal to reset the device. I found this out because repetier was able to do this...
  • Kevin: A bit sad that you are using a knock off Saleae device unless you are not using Saleae software.
  • Max: For the Haxxor Edition he could add a Morse-to-scan-code translator to the code in the PIC (where the L337 Haxxor Special also accepts Unicode code...
  • KH: Someone with a PIC16F1459 project, well you don't see these every day. Methinks he repeats the USB 2.0 thing too much; this might mislead people...