This is something I got into a while ago but it randomly came into my head the other day, and I thought, aaaah yes, that was cool... need to share it with people.
If you've read my Scanning and Listening to Cordless Phones article on this site then you may already be armed with a scanner. If not, you'll need a scanner to do any activities here.
Pagers, pagers... Where do I start? They're pretty damn old skool... no one really uses them now that the text messaging revolution has become what it is now. However, a few places do still have uses for these - namely hospitals and automated alarm systems.
It should be no suprise that pagers operation over the radio waves, one of the reasons why I get excited (OK, well not excited, but mildly happy...) about this technology. Again, if you have read any articles of mine then you will know that anything that travels through radio waves is bad bad in terms of confidentiality, integrity and availability. Only with encryption can you sort the confidentiality bit out and also with a little intelligence, the integrity problem with HMACs (hashed message authentication codes), etc. Anywayyyy... I'm going way off topic. What I'm trying to say is... anything that I can pluck out of the sky, I like, well hopefully *we* like.
Pagers use a few different transmission formats - namely POCSAG (Post Office Code Standards Advisory Group) and FLEX - both on different baud rates; 512, 1200, 2400. We'll ignore ACARS, MOBITEX and ERMES and the like for now as that will just confuse things.
POCSAG is pretty old skool as you might expect - the module used is FSK (frequency key shifting) with +- a 4.5 kHz shift. The high frequency represents a 0 and you guessed it, the low frequency represents a 1. Told you it was old skool.
In the UK, most pager transmissions occur in the three bands that are 138 MHz, 153 Mhz and 466 MHz. In the US and elsewhere, could operate anywhere in the VHF/UHF bands! Google is your friend!
Now, lets get to the fun bit. How the feck do you decode these transmissions? You need a computer, check... a sound card, check... and a scanner, check 1, check 2? If you meet all three requirements then you're good to go!
You can do this two ways... you can go down Maplins and get yourself a double male audio cable so that you can feed in your scanner output straight into the line-in of your sound card... or, you can do it the hard way and put your microphone near your scanner speaker.
Done that? Ok, sweet. Now you have locked onto a frequency that somehow resembles what it would be like to listen to ET phoning home, and now that you have this goodness feeding into your computer... the next step.
We want to decode these transmissions. As good as the human brain is, I ain't gonna fuck with you... it ain't gonna be able to decode POCSAG on the fly. You will need to grab some free software to do this:
Multimon - Pocsag program for Linux, decodes pagers using sound card (Also handles AX.25, DTMF and ZVEI) (49k)
PDW 110f - Pocsag program for Windows, decodes pagers using sound card (Also does Flex, ACARS, MOBITEX & ERMES) (366k)
POC32 - Pocsag program for Windows, decodes pagers using sound card (402k)
I have used all programs and I have to say, each have their advantages and disadvantages. PDW 110f I quite like.
I forgot to mention that you will have to play with the squelch and also the volume on your scanner until the decoder software recognises it as the correct type and baud rate - this takes a couple minutes of playing... but as soon as you see "POCSAG 2400" show up as a transmission is coming in then you're sorted.
Frequencies to try: 153.150, 153.225, 153.250, 153.275, 153.350, 466.075, 137.975
The messages will be plucked out of the airwaves and decoded into sexy ASCII right in front of your eyes.
Nothing much to it eh?
Please note that this IS illegal. This technology has almost been faded out and for good reasons as you can see... security in the 80s and 90s, gotta love it eh?!
UPDATE: Found a video by some Yank that does what I just discussed, from using PDW to using a male-to-male audio plug. View it here.