Project tutorial
Cellular Wardriving and Other IoT Shenanigans

Cellular Wardriving and Other IoT Shenanigans © MIT

A guide for the Hologram.io Arduino MKR 1400 GSM workshop for IoTDevFest PHX 2019.

  • 3,736 views
  • 2 comments
  • 20 respects

Components and supplies

Apps and online services

About this project

What are we doing?!

We're going to explore various uses of the Arduino MKR 1400 GSM for cellular projects! From wardriving for cell towers to connecting to IoT platforms!

Objectives:

  • Activate Hologram.io SIM card
  • Install Arduino IDE along with MKR 1400 board definition, MKRGSM and ArduinoMQTTClient libraries
  • Set up the Arduino MKR 1400
  • Test SMS and GPRS connections (to verify everyone is in a workable state)
  • Cellular wardriving example
  • Network hopping
  • Use MQTT over cellular to connect to an IoT platform

Hologram Network

Hologram.io is a cellular network provider perfect for makers. At $0.60 /mo plus $0.40 per mb, you'll have plenty of data for most IoT projects. You can get a free SIM card by going to hologram.io and then activate it at dashboard.hologram.io.

We'll provide Free Credit codes, so you wont have to put in any billing information for this workshop!

Its important to do this part first so that your SIM has time to activate as we set up our coding environment.

Install Arduino IDE

Download the Arduino IDE at the following link. We will not be using the online code editor for this project.

https://www.arduino.cc/en/Main/Software

Install MKR 1400 Board Definition

  • Open Arduino IDE
  • Go to Tools > Board > Boards Manager
  • Search MKR and an entry for "Arduino SAMD Boards" will show up, install that

Install Arduino Libraries

  • Open the Arduino IDE
  • Go to Sketch > Include Library > Manage Libraries
  • Search for MKRGSM and install it
  • Search for ArduinoMqttClient and install it

Connecting the Arduino MKR 1400

  • Insert the SIM card into the Arduino MKR 1400 as shown above
  • Attach the antenna
  • Plug in the battery (Needs to be at least 1500 maH)
  • Connect the USB cable
  • Open the Arduino IDE, select "Arduino MKR 1400" in Tools > Board
  • In Tools > Port select your board (it should be obvious which one to select)

GSM Network Jumper Example

https://github.com/benstr/GSM-Network-Jumper-Example

This example demonstrates quickly jumping to different carriers on the fly. It scans and prints available carriers to the serial monitor and waits for user input.

The custom function "jumpCarrier" sends AT commands directly to the modem.

Available Commands:

"att" - AT&T 3G

"tmo2" - T-Mobile 2G

"tmo3" - T-Mobile 3G

Copy the code from the above link into a new sketch, upload, and open the Serial Monitor and give it a try!

A combination of this method and the Wardriving example could be used for some interesting network exploration shenanigans...

Test SMS

  • In Arduino, open Examples > MKRGSM > Receive SMS
  • Click upload!
  • Click the magnifying lens icon to open the Serial Monitor

  • Go back to dashboard.hologram.io and select your device
  • Click the "via SMS" tab under "Send a Message"
  • Type some arbitrary message and hit send!

You should see output in the Serial Monitor similar to this!

SMS Messages Receiver

GSM initialized

Waiting for messages

Message received from:

+44793740520

Hello World!

END OF MESSAGE

MESSAGE DELETED

Test GPRS

This code will simply attempt to connect to GSM and GPRS and confirm success or fail.

APN Information

When connecting to a GPRS network you typically need to include an Access Point Name and login credentials. In the case of the Hologram.io network you simply need to include "hologram" as the APN and leave login credentials blank!

  • In Arduino, click File > New
  • Paste in the code from below
  • Upload!
  • Open the Serial Monitor
#include <MKRGSM.h>
const char PINNUMBER[] = " ";
// APN data
const char GPRS_APN[] = "hologram";
const char GPRS_LOGIN[] = " ";
const char GPRS_PASSWORD[] = " ";
// initialize the library instance
GPRS gprs;
GSM gsmAccess;
void setup() {
 // initialize serial communications and wait for port to open:
 Serial.begin(9600);
 while (!Serial) {
   ; // wait for serial port to connect. Needed for native USB port only
 }
 Serial.println("Starting Arduino web client.");
 // connection state
 boolean connected = false;
 // After starting the modem with GSM.begin()
 // attach to the GPRS network with the APN, login and password
 while (!connected) {
    Serial.println("Begin GSM Access");
   //Serial.println(gsmAccess.begin()); //Uncomment for testing
   if ((gsmAccess.begin() == GSM_READY) &&
       (gprs.attachGPRS(GPRS_APN, GPRS_LOGIN, GPRS_PASSWORD) == GPRS_READY)) {
     connected = true;
     Serial.println("GSM Access and GPRS Success");
   } 
   else {
     Serial.println("Not connected");
     delay(1000);
   }
 }
}
void loop() {
}

Output should look like this

Starting Arduino web client.

Begin GSM Access

GSM Access and GPRS Success

CELLULAR WARDRIVING EXAMPLE \m/

Ever been curious about the locations of cell towers and coverage?

There are plenty of awesome utilities and functions available in the MKRGSM Library (See Reference), we'll be using the Location and Scan Networks instances for this example. The expected output is triangulated GPS location along with any nearby carriers and their signal strength.

Example Output:

GSM networks scanner

Starting GSM location.

Modem IMEI: 357520074233053

> T-Mobile

> AT&T

Current carrier: 0041005400260054

Signal Strength: 13 [0-31]

Location: 38.0000000, -97.0000000

Altitude: 0m

Accuracy: +/- 4100000m

Connecting to MQTT

MQTT (Message Queuing Telemetry Transport) is probably the most commonly used messaging protocol for the Internet of Things. We're going to connect the Arduino MKR 1400 to an MQTT broker to create a very basic IoT application!

Thankfully, the MKRGSM library gives us a client object that is interchangeable with WiFi or Ethernet clients. Meaning we can just drop it into existing network libraries.

We'll be creating an MQTT connection to a public MQTT broker and using it to publish and subscribe to topics. The example sketch provided will print out incoming messages from the subscribed topic to the serial console. It will also periodically publish a sensor value to a separate topic.

We'll use chirpers.io to interact with the Arduino remotely! Chirpers is essentially a fork of node-red that runs entirely client-side in the browser and lets you interact with hardware and web services to build IoT applications visually!

Program the sketch!

The secrets file has all your credentials for GPRS, in this case we only need the APN which is already set to Hologram. We're going to add the MQTT server credentials next.

Broker: iot.eclipse.org

Port: 1883

topic: hologram-YOUR-NAME/to (this is for messages to your device)

publishTopic: hologram-YOUR-NAME/from (messages from your device)

Upload the code and open the Serial Monitor!

Chirpers!

We don't need to create an account to use chirpers.com . Since it runs in your browser, it also saves everything in your local storage.

  • Go to https://chirpers.com/browser/
  • Drag in an inject node. This is basically a trigger to kick off a message. By default it outputs a timestamp.
  • Drag in an MQTT out node. This lets us publish messages. Connect the inject node to it.
  • Double click on the MQTT out node. Click the edit icon to add a new broker.

Broker Settings

Server: wss://iot.eclipse.org:443/ws

  • Click update
  • Add your hologram/to topic in the topic field.

  • Do the same with an MQTT out node to a Debug node but use your hologram/from topic.
  • Click Run!

Clicking the inject should send a timestamp to your Arduino MKR which will reflect on the Serial Monitor.

Sensor values from your Arduino MKR should show in the Debug tab on Chirpers!

Your main loop is where you can change what messages you are sending. Bonus points if you do something interesting ;)

void loop() {
 // call poll() regularly to allow the library to receive MQTT messages and
 // send MQTT keep alives which avoids being disconnected by the broker
 mqttClient.poll();
 // Set the rate at which we send our values
 delay(1500);
 // read the first Analog pin
 int sensorVal = analogRead(0);
 // Publish our sensor value
 mqttClient.beginMessage(publishTopic);
 mqttClient.print(sensorVal);
 mqttClient.endMessage();
}

This function at the end of the sketch handles incoming messages

void onMqttMessage(int messageSize) {
 // we received a message, print out the topic and contents
 Serial.println("Received a message with topic '");
 Serial.print(mqttClient.messageTopic());
 Serial.print("', length ");
 Serial.print(messageSize);
 Serial.println(" bytes:");
 // use the Stream interface to print the contents
 while (mqttClient.available()) {
   Serial.print((char)mqttClient.read());
 }
 Serial.println();
 Serial.println();
}

Chirpers Flow

If you wanna cheat you can copy this and import it into your flow from the chirpers.io menu. Just be sure to change the topics to match yours!

[{"id":"5199e666.cafc58","type":"mqtt-broker","z":"91xN7kD2zjI","server":"wss://iot.eclipse.org:443/ws","clientId":"","username":"","password":""},{"id":"SDgXjXm8EXM","type":"mqtt in","z":"91xN7kD2zjI","name":"","topic":"hologram/from","broker":"5199e666.cafc58","x":96,"y":117,"wires":[["q-msFzzDVmw"]]},{"id":"q-msFzzDVmw","type":"debug","z":"91xN7kD2zjI","name":"","active":true,"console":"false","complete":"false","x":287,"y":116,"wires":[]},{"id":"mib-Z2IUCWQ","type":"inject","z":"91xN7kD2zjI","name":"","topic":"","payload":"","payloadType":"date","repeat":"","crontab":"","once":false,"allowDebugInput":false,"x":101,"y":39,"wires":[["TCHX2DIYKn4"]]},{"id":"TCHX2DIYKn4","type":"mqtt out","z":"91xN7kD2zjI","name":"","topic":"hologram/to","broker":"5199e666.cafc58","x":267,"y":39,"wires":[]}]

Code

changeBand functionArduino
Call changeBand(GSM_MODE_GSM850_PCS); in setup to change band.
void changeBand(String newBandName) {
  // Use GSM_MODE_GSM850_PCS for USA

  GSMBand band;
  
  Serial.println("Restarting modem...");
  band.begin();
  Serial.println("Modem restarted.");

  String bandName = band.getBand(); // Get and print band name
  Serial.print("Current band:");
  Serial.println(bandName);

  delay(200);
  
  bool operationSuccess;
  operationSuccess = band.setBand(newBandName);
 
  if (operationSuccess) {
    Serial.println("Success");
    String bandName = band.getBand(); // Get and print band name
    Serial.print("New band:");
    Serial.println(bandName);
  } else {
    Serial.println("Error while changing band");
  }
}
Code Examples
This includes the Wardriving and MQTT examples

Comments

Similar projects you might like

Cellular IoT with Blynk & Hologram

by Moheeb Zara

  • 7,542 views
  • 11 comments
  • 25 respects

Use Losant on a Cellular Arduino

by Moheeb Zara

  • 2,224 views
  • 0 comments
  • 7 respects

IoT Blink - Getting started with IoT

Project showcase by AppShed Support

  • 2,026 views
  • 0 comments
  • 11 respects

Arduino MKR GSM 1400: Cellular IoT Data Visualisation

Project tutorial by Alexis Susset

  • 1,938 views
  • 0 comments
  • 6 respects

LTE Cellular Shield for Arduino with Voice!

by Timothy Woo

  • 7,908 views
  • 9 comments
  • 18 respects
Add projectSign up / Login