[rm30]

The smartphone is just an advanced walkie-talkie, currently limited only by the mobile operator, the law, the radio chipset, and the OS.

In a true emergency, who can stop you from modifying that architecture? Once you treat the device as an independent radio node (using its DSP power to run custom modems) you can establish a mesh network with a range of several kilometers.

We have a '4x4 car in our pockets; we’ve just been conditioned to treat it like a toy.

[catlifeonmars]

Not disagreeing with you, but you’re papering over a lot of complexity.

Note that cellular radios are highly specialized and the filtering circuits are tuned to specific bands. It’s not exactly like having a software defined radio in your pocket.

Next, at the modem level, you’ll need to implement and then sideload custom firmware. Finally, you’ll need to expose the right APDUs to the kernel to manage the whole thing.

TBH it sounds like a fun side project, but my point is you need to repurpose a lot of different parts of the stack to accomplish what you want.

[rm30]

I was pushing on the walkie-talkie case to gain the maximum results from existing phones, that's a true emergency case.

You’re absolutely right that the 5G/LTE baseband is a black-box nightmare to repurpose. But I’m not looking to hack the cellular modem; I’m looking for the dormant '4x4 car' already available.

For instance, many chipsets have an integrated FM receiver that is essentially a high-sensitivity VHF radio. By taking the raw audio output and applying a Software Modem (AFSK/FSK) in the user-space, you bypass the kernel/firmware complexity entirely. You don’t need to sideload a modem driver if you treat the audio jack or the internal FM bus as your physical layer.

The 'complexity' is real if you try to fight the manufacturer's fences, but it vanishes if you understand the full stack. A pair of wired headphones becomes your dipole antenna, and the phone's CPU becomes your DSP engine. It’s not about rebuilding the Ferrari; it’s about realizing there’s a VHF engine hidden in the chassis that doesn't need 'permission' to receive bits. You just need a software demodulator the catch them, but for sending you'll need an external transmitter (an USB SDR or jack-to-FM).

[catlifeonmars]

> For instance, many chipsets have an integrated FM receiver that is essentially a high-sensitivity VHF radio. By taking the raw audio output and applying a Software Modem (AFSK/FSK) in the user-space, you bypass the kernel/firmware complexity entirely. You don’t need to sideload a modem driver if you treat the audio jack or the internal FM bus as your physical layer.

This is fascinating. Happy to do the research myself, but do you have any recommended reading/sources to learn more about this?

[rm30]

I'm glad you find it interesting. I developed the theory at university, studying how ASK and FSK modems work. To build this, you’ll need to understand the Shannon-Hartley theorem, band-pass filtering, Fourier transforms, and convolution.

For the practical 'how-to,' I recommend studying GNU Radio and SDR++; they show how to process IQ data or raw audio streams directly, and for sure there are other libraries. On the 'ancestor' side, look at the AX.25 Packet Radio protocol and AFSK (Audio Frequency Shift Keying). These are the same 'softmodem' principles used in FidoNet nodes decades ago.

GSM Arena can help you find phones with integrated FM receivers. You'll notice that many features are market-dependent, meaning: the receiver is often physically present but simply disabled by software.

[heisenbit]

The smartphone is talking to a highly sensitive receiver fed by a large sensitive antenna listening carefully in the direction of the smartphone. The base station is transmitting back a carefully directed beam with orders of magnitude more power than a smartphone. The system is highly asymmetrical. Ohh and maybe there is not one but many base stations talking concurrently to the smartphone so that if one looses some data the flow is maintained.

[catlifeonmars]

Since I’m not able to edit my original comment: rm30 is actually referring to something much more interesting than jailbreaking the LTE/NR stack.

> For instance, many chipsets have an integrated FM receiver that is essentially a high-sensitivity VHF radio.