Skip to the content.
Welcome to band.radio!
- This site is intended to be a repository for all of my projects concerning radio frequency (RF) technology i.e. amateur radio (HF/VHF/UHF, DMR), software defined radios, 3GPP wireless network standards such as LTE, NR. I have also written several gudies & articles, including 3GPP standards, Qualcomm Modem-RF systems, where I go in depth on how they’re used in commercial networks.
Guides & articles:
- How to enable NR-DC on Qualcomm Modem-RF X65 equipped equipped UEs Link
- How to enable 2xNR-CA (TDD+TDD, TDD+FDD, FDD+FDD) on Qualcomm Modem-RF X53,X60,X65 equipped equipped UEs Link
- How to enable 3xNR-CA (TDD+FDD+FDD, TDD+TDD+FDD) on Qualcomm Modem-RF X65 equipped equipped UEs Link
- How to enable 3xNR-CA (FDD+FDD+FDD) on Qualcomm Modem-RF X65 equipped equipped UEs Link
- How to enable VoNR on Qualcomm Modem-RF X52,X53,X55,X60,X65 equipped UEs Link
- How to enable Rel16 NR features on Qualcomm Modem-RF X65 equipped UEs Link
- How to enable NR-SA on Qualcomm Modem-RF X52,X53,X55,X60,X65 equipped UEs coming soon
- How to disable thermal mitigation on X52,X53,X55,X60,X65 equipped UEs Link
- How to enable additional NAS security capabilities on X52,X53,X55,X60,X65 equipped UEs Link
- How to unlock all band capabilities on X55, X60, X65 equipped Xperia 1 Series devices Link
- Understanding Q-RxLevMin & parameter bypass in lab scenarios Link
- Understanding p-max/p-NR-FR1 & parameter bypass in lab scenarios Link
- Understanding the Qualcomm 0xB826 packet Link
- How to enable Qualcomm Diagnostic Mode on commercial UEs Link
- How to compile & configure BladeRF with srsLTE Link
- How to repair Qualcomm Modem-RF equipped devices coming soon
- How to unlock the bootloader on commercial UEs Link
- How to read/write to the NAND flash on Qualcomm Modem-RF equipped devices coming soon
- List of early c-band site licenses (Verizon Wireless) Link
- AT&T mmWave coverage maps Link
- Demonstration of VoNR on T-Mobile US’ live commercial NR-SA n71 network Link
List of current projects:
- Reverse engineering of Qualcomm Modem-RF firmware to uncover new use cases and capabilities
- Ongoing participation in the CellMapper project, to create a crowdsourced database of LTE & NR commercial network deployments. My participation includes running the CellMapper application on several commercial handsets to contribute to these detailed maps of wireless networks. Information collected includes RSRP, SINR, RSRQ, channel width, EARFCN/ARFCN (frequency), PLMN (MCC-MNC); signal trails and eNB/gNB tower locations (both calculated and manually located).
- DMR: QSOs, programming of handheld DMR radios (i.e. TYT MD-380) for access to NEDECN, SkyWarn, other amateur VHF DMR repeaters.
- Obtain 0xB826 packets from commercial UEs and contribute my results to crowdsourced project cacombos.com
- BladeRF SDR with Ubuntu 20.04 LTS running srsLTE.
About me
- A licensed amateur radio technician and radio hobbyist. I also hold a GMRS radio station license (462 to 467 MHz). Currently employed as a senior network security engineer in the United States.
- Current interests: new FCC bandplans i.e. Digital Dividend (600 MHz), c-band (3.7 - 4.2 GHz), CBRS (3.55 - 3.7 GHz). Aforementioned bands are of interest due to their novel use in commercial telecommunications networks using the 3GPP 5G NR (New Radio) standard. I’m also interested in TDMA (digital) DMR services in the 70cm amateur radio band (420 - 450 MHz), and analogue voice services in the 2m, 70cm, 33cm amateur bands.
Resources & links:
- Crowdsourced LTE & NR carrier aggregation combo database: Link
- Crowdsourced LTE & NR commercial network deployment map: Link
- List of UEs supporting 600 MHz LTE & NR bands: Link
- U.S. Frequency Allocations Chart (NTIA): Link Mirror
- FCC band plans: Link
- Amateur Radio band plan (AARL): Link
- UE radio access capabilities standard (3GPP TS 38.306 version 16.5.0 Release 16 rev 5): Link Mirror
- UE radio access capabilities standard (3GPP TS 38.306 version 15.3.0 Release 15 rev 14): Link Mirror